|
 |
adf540 |
%global _hardened_build 1
|
|
|
adf540 |
|
|
|
adf540 |
%global systemctl_bin /usr/bin/systemctl
|
|
|
adf540 |
%global check_password_version 1.1
|
|
|
adf540 |
|
|
|
adf540 |
Name: openldap
|
|
|
adf540 |
Version: 2.4.44
|
|
|
adf540 |
Release: 21%{?dist}
|
|
|
adf540 |
Summary: LDAP support libraries
|
|
|
adf540 |
Group: System Environment/Daemons
|
|
|
adf540 |
License: OpenLDAP
|
|
|
adf540 |
URL: http://www.openldap.org/
|
|
|
adf540 |
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
|
|
adf540 |
Source1: slapd.service
|
|
|
adf540 |
Source2: slapd.sysconfig
|
|
|
adf540 |
Source3: slapd.tmpfiles
|
|
|
adf540 |
Source4: slapd.ldif
|
|
|
adf540 |
Source5: ldap.conf
|
|
|
adf540 |
Source6: openldap.tmpfiles
|
|
|
adf540 |
Source10: ltb-project-openldap-ppolicy-check-password-%{check_password_version}.tar.gz
|
|
|
adf540 |
Source50: libexec-functions
|
|
|
adf540 |
Source51: libexec-convert-config.sh
|
|
|
adf540 |
Source52: libexec-check-config.sh
|
|
|
adf540 |
Source53: libexec-upgrade-db.sh
|
|
|
adf540 |
Source54: libexec-create-certdb.sh
|
|
|
adf540 |
Source55: libexec-generate-server-cert.sh
|
|
|
adf540 |
Source56: libexec-update-ppolicy-schema.sh
|
|
|
adf540 |
|
|
|
adf540 |
# patches for 2.4
|
|
|
adf540 |
Patch0: openldap-manpages.patch
|
|
|
adf540 |
Patch1: openldap-ppolicy-loglevels.patch
|
|
|
adf540 |
Patch2: openldap-sql-linking.patch
|
|
|
adf540 |
Patch3: openldap-reentrant-gethostby.patch
|
|
|
adf540 |
Patch4: openldap-smbk5pwd-overlay.patch
|
|
|
adf540 |
Patch5: openldap-ldaprc-currentdir.patch
|
|
|
adf540 |
Patch6: openldap-userconfig-setgid.patch
|
|
|
adf540 |
Patch7: openldap-allop-overlay.patch
|
|
|
adf540 |
Patch8: openldap-syncrepl-unset-tls-options.patch
|
|
|
adf540 |
Patch9: openldap-man-sasl-nocanon.patch
|
|
|
adf540 |
Patch10: openldap-ai-addrconfig.patch
|
|
|
adf540 |
# fix back_perl problems with lt_dlopen()
|
|
|
adf540 |
# might cause crashes because of symbol collisions
|
|
|
adf540 |
# the proper fix is to link all perl modules against libperl
|
|
|
adf540 |
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327585
|
|
|
adf540 |
Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
|
|
|
adf540 |
# ldapi sasl fix pending upstream inclusion
|
|
|
adf540 |
Patch20: openldap-ldapi-sasl.patch
|
|
|
adf540 |
# coverity - missin_unlock in servers/slapd/overlays/accesslog.c
|
|
|
adf540 |
Patch21: openldap-missing-unlock-in-accesslog-overlay.patch
|
|
|
adf540 |
Patch23: openldap-module-passwd-sha2.patch
|
|
|
adf540 |
# pending upstream inclusion, ITS #7744
|
|
|
adf540 |
Patch24: openldap-man-tls-reqcert.patch
|
|
|
adf540 |
Patch25: openldap-man-ldap-conf.patch
|
|
|
adf540 |
Patch35: openldap-ITS8428-init-sc_writewait.patch
|
|
|
adf540 |
Patch36: openldap-bdb_idl_fetch_key-correct-key-pointer.patch
|
|
|
adf540 |
Patch37: openldap-ITS8655-fix-double-free-on-paged-search-with-pagesize-0.patch
|
|
|
adf540 |
Patch38: openldap-ITS8720-back-ldap-starttls-timeout.patch
|
|
|
adf540 |
|
|
|
adf540 |
# fixes for DH and ECDH
|
|
|
adf540 |
Patch50: openldap-openssl-its7506-fix-DH-params-1.patch
|
|
|
adf540 |
Patch51: openldap-openssl-its7506-fix-DH-params-2.patch
|
|
|
adf540 |
Patch52: openldap-openssl-ITS7595-Add-EC-support-1.patch
|
|
|
adf540 |
Patch53: openldap-openssl-ITS7595-Add-EC-support-2.patch
|
|
|
adf540 |
|
|
|
adf540 |
# check-password module specific patches
|
|
|
adf540 |
Patch90: check-password-makefile.patch
|
|
|
adf540 |
Patch91: check-password.patch
|
|
|
adf540 |
Patch92: check-password-loglevels.patch
|
|
|
adf540 |
|
|
|
adf540 |
# MozNSS compatibility layer
|
|
|
adf540 |
Patch101: openldap-tlsmc.patch
|
|
|
adf540 |
# Fedora specific patches
|
|
|
adf540 |
Patch102: openldap-fedora-systemd.patch
|
|
|
adf540 |
|
|
|
adf540 |
BuildRequires: cyrus-sasl-devel, nss-devel, openssl-devel, krb5-devel, tcp_wrappers-devel, unixODBC-devel
|
|
|
adf540 |
BuildRequires: glibc-devel, libtool, libtool-ltdl-devel, groff, perl, perl-devel, perl(ExtUtils::Embed)
|
|
|
adf540 |
Requires: nss-tools
|
|
|
adf540 |
Requires(post): rpm, coreutils, findutils
|
|
|
adf540 |
|
|
|
adf540 |
%description
|
|
|
adf540 |
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
|
|
|
adf540 |
Protocol) applications and development tools. LDAP is a set of
|
|
|
adf540 |
protocols for accessing directory services (usually phone book style
|
|
|
adf540 |
information, but other information is possible) over the Internet,
|
|
|
adf540 |
similar to the way DNS (Domain Name System) information is propagated
|
|
|
adf540 |
over the Internet. The openldap package contains configuration files,
|
|
|
adf540 |
libraries, and documentation for OpenLDAP.
|
|
|
adf540 |
|
|
|
adf540 |
%package devel
|
|
|
adf540 |
Summary: LDAP development libraries and header files
|
|
|
adf540 |
Group: Development/Libraries
|
|
|
adf540 |
Requires: openldap%{?_isa} = %{version}-%{release}, cyrus-sasl-devel%{?_isa}
|
|
|
adf540 |
|
|
|
adf540 |
%description devel
|
|
|
adf540 |
The openldap-devel package includes the development libraries and
|
|
|
adf540 |
header files needed for compiling applications that use LDAP
|
|
|
adf540 |
(Lightweight Directory Access Protocol) internals. LDAP is a set of
|
|
|
adf540 |
protocols for enabling directory services over the Internet. Install
|
|
|
adf540 |
this package only if you plan to develop or will need to compile
|
|
|
adf540 |
customized LDAP clients.
|
|
|
adf540 |
|
|
|
adf540 |
%package servers
|
|
|
adf540 |
Summary: LDAP server
|
|
|
adf540 |
License: OpenLDAP
|
|
|
adf540 |
Requires: openldap%{?_isa} = %{version}-%{release}, libdb-utils
|
|
|
adf540 |
Requires(pre): shadow-utils
|
|
|
adf540 |
Requires(post): systemd, systemd-sysv, chkconfig
|
|
|
adf540 |
Requires(preun): systemd
|
|
|
adf540 |
Requires(postun): systemd
|
|
|
adf540 |
BuildRequires: libdb-devel
|
|
|
adf540 |
BuildRequires: systemd-units
|
|
|
adf540 |
BuildRequires: cracklib-devel
|
|
|
adf540 |
Group: System Environment/Daemons
|
|
|
adf540 |
# migrationtools (slapadd functionality):
|
|
|
adf540 |
Provides: ldif2ldbm
|
|
|
adf540 |
|
|
|
adf540 |
%description servers
|
|
|
adf540 |
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
|
|
|
adf540 |
Protocol) applications and development tools. LDAP is a set of
|
|
|
adf540 |
protocols for accessing directory services (usually phone book style
|
|
|
adf540 |
information, but other information is possible) over the Internet,
|
|
|
adf540 |
similar to the way DNS (Domain Name System) information is propagated
|
|
|
adf540 |
over the Internet. This package contains the slapd server and related files.
|
|
|
adf540 |
|
|
|
adf540 |
%package servers-sql
|
|
|
adf540 |
Summary: SQL support module for OpenLDAP server
|
|
|
adf540 |
Requires: openldap-servers%{?_isa} = %{version}-%{release}
|
|
|
adf540 |
Group: System Environment/Daemons
|
|
|
adf540 |
|
|
|
adf540 |
%description servers-sql
|
|
|
adf540 |
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
|
|
|
adf540 |
Protocol) applications and development tools. LDAP is a set of
|
|
|
adf540 |
protocols for accessing directory services (usually phone book style
|
|
|
adf540 |
information, but other information is possible) over the Internet,
|
|
|
adf540 |
similar to the way DNS (Domain Name System) information is propagated
|
|
|
adf540 |
over the Internet. This package contains a loadable module which the
|
|
|
adf540 |
slapd server can use to read data from an RDBMS.
|
|
|
adf540 |
|
|
|
adf540 |
%package clients
|
|
|
adf540 |
Summary: LDAP client utilities
|
|
|
adf540 |
Requires: openldap%{?_isa} = %{version}-%{release}
|
|
|
adf540 |
Group: Applications/Internet
|
|
|
adf540 |
|
|
|
adf540 |
%description clients
|
|
|
adf540 |
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
|
|
|
adf540 |
Protocol) applications and development tools. LDAP is a set of
|
|
|
adf540 |
protocols for accessing directory services (usually phone book style
|
|
|
adf540 |
information, but other information is possible) over the Internet,
|
|
|
adf540 |
similar to the way DNS (Domain Name System) information is propagated
|
|
|
adf540 |
over the Internet. The openldap-clients package contains the client
|
|
|
adf540 |
programs needed for accessing and modifying OpenLDAP directories.
|
|
|
adf540 |
|
|
|
adf540 |
%prep
|
|
|
adf540 |
%setup -q -c -a 0 -a 10
|
|
|
adf540 |
|
|
|
adf540 |
pushd openldap-%{version}
|
|
|
adf540 |
|
|
|
adf540 |
%patch101 -p1
|
|
|
adf540 |
|
|
|
adf540 |
# alternative include paths for Mozilla NSS
|
|
|
adf540 |
ln -s %{_includedir}/nss3 include/nss
|
|
|
adf540 |
ln -s %{_includedir}/nspr4 include/nspr
|
|
|
adf540 |
|
|
|
adf540 |
AUTOMAKE=%{_bindir}/true autoreconf -fi
|
|
|
adf540 |
|
|
|
adf540 |
%patch0 -p1
|
|
|
adf540 |
%patch1 -p1
|
|
|
adf540 |
%patch2 -p1
|
|
|
adf540 |
%patch3 -p1
|
|
|
adf540 |
%patch4 -p1
|
|
|
adf540 |
%patch5 -p1
|
|
|
adf540 |
%patch6 -p1
|
|
|
adf540 |
%patch7 -p1
|
|
|
adf540 |
%patch8 -p1
|
|
|
adf540 |
%patch9 -p1
|
|
|
adf540 |
%patch10 -p1
|
|
|
adf540 |
%patch19 -p1
|
|
|
adf540 |
%patch20 -p1
|
|
|
adf540 |
%patch21 -p1
|
|
|
adf540 |
%patch23 -p1
|
|
|
adf540 |
%patch24 -p1
|
|
|
adf540 |
%patch25 -p1
|
|
|
adf540 |
%patch35 -p1
|
|
|
adf540 |
%patch36 -p1
|
|
|
adf540 |
%patch37 -p1
|
|
|
adf540 |
%patch38 -p1
|
|
|
adf540 |
%patch50 -p1
|
|
|
adf540 |
%patch51 -p1
|
|
|
adf540 |
%patch52 -p1
|
|
|
adf540 |
%patch53 -p1
|
|
|
adf540 |
|
|
|
adf540 |
%patch102 -p1
|
|
|
adf540 |
|
|
|
adf540 |
# build smbk5pwd with other overlays
|
|
|
adf540 |
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
|
|
adf540 |
mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
|
|
adf540 |
# build allop with other overlays
|
|
|
adf540 |
ln -s ../../../contrib/slapd-modules/allop/allop.c servers/slapd/overlays
|
|
|
adf540 |
mv contrib/slapd-modules/allop/README contrib/slapd-modules/allop/README.allop
|
|
|
adf540 |
mv contrib/slapd-modules/allop/slapo-allop.5 doc/man/man5/slapo-allop.5
|
|
|
adf540 |
# build sha2 with other overlays
|
|
|
adf540 |
ln -s ../../../contrib/slapd-modules/passwd/sha2/{sha2.{c,h},slapd-sha2.c} \
|
|
|
adf540 |
servers/slapd/overlays
|
|
|
adf540 |
ls servers/slapd/overlays
|
|
|
adf540 |
mv contrib/slapd-modules/passwd/sha2/README{,.sha2}
|
|
|
adf540 |
|
|
|
adf540 |
mv servers/slapd/back-perl/README{,.back_perl}
|
|
|
adf540 |
|
|
|
adf540 |
# fix documentation encoding
|
|
|
adf540 |
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
|
|
|
adf540 |
iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8"
|
|
|
adf540 |
mv "$filename.utf8" "$filename"
|
|
|
adf540 |
done
|
|
|
adf540 |
|
|
|
adf540 |
popd
|
|
|
adf540 |
|
|
|
adf540 |
pushd ltb-project-openldap-ppolicy-check-password-%{check_password_version}
|
|
|
adf540 |
%patch90 -p1
|
|
|
adf540 |
%patch91 -p1
|
|
|
adf540 |
%patch92 -p1
|
|
|
adf540 |
popd
|
|
|
adf540 |
|
|
|
adf540 |
%build
|
|
|
adf540 |
|
|
|
adf540 |
%ifarch s390 s390x
|
|
|
adf540 |
export CFLAGS="-fPIE"
|
|
|
adf540 |
%else
|
|
|
adf540 |
export CFLAGS="-fpie"
|
|
|
adf540 |
%endif
|
|
|
adf540 |
export LDFLAGS="-pie"
|
|
|
adf540 |
# avoid stray dependencies (linker flag --as-needed)
|
|
|
adf540 |
# enable experimental support for LDAP over UDP (LDAP_CONNECTIONLESS)
|
|
|
adf540 |
export CFLAGS="${CFLAGS} %{optflags} -Wl,-z,relro,-z,now,--as-needed -DLDAP_CONNECTIONLESS -DLDAP_USE_NON_BLOCKING_TLS"
|
|
|
adf540 |
|
|
|
adf540 |
pushd openldap-%{version}
|
|
|
adf540 |
%configure \
|
|
|
adf540 |
--enable-debug \
|
|
|
adf540 |
--enable-dynamic \
|
|
|
adf540 |
--enable-syslog \
|
|
|
adf540 |
--enable-proctitle \
|
|
|
adf540 |
--enable-ipv6 \
|
|
|
adf540 |
--enable-local \
|
|
|
adf540 |
\
|
|
|
adf540 |
--enable-slapd \
|
|
|
adf540 |
--enable-dynacl \
|
|
|
adf540 |
--enable-aci \
|
|
|
adf540 |
--enable-cleartext \
|
|
|
adf540 |
--enable-crypt \
|
|
|
adf540 |
--enable-lmpasswd \
|
|
|
adf540 |
--enable-spasswd \
|
|
|
adf540 |
--enable-modules \
|
|
|
adf540 |
--enable-rewrite \
|
|
|
adf540 |
--enable-rlookups \
|
|
|
adf540 |
--enable-slapi \
|
|
|
adf540 |
--disable-slp \
|
|
|
adf540 |
--enable-wrappers \
|
|
|
adf540 |
\
|
|
|
adf540 |
--enable-backends=mod \
|
|
|
adf540 |
--enable-bdb=yes \
|
|
|
adf540 |
--enable-hdb=yes \
|
|
|
adf540 |
--enable-mdb=yes \
|
|
|
adf540 |
--enable-monitor=yes \
|
|
|
adf540 |
--disable-ndb \
|
|
|
adf540 |
\
|
|
|
adf540 |
--enable-overlays=mod \
|
|
|
adf540 |
\
|
|
|
adf540 |
--disable-static \
|
|
|
adf540 |
--enable-shared \
|
|
|
adf540 |
\
|
|
|
adf540 |
--enable-moznss-compatibility=yes \
|
|
|
adf540 |
\
|
|
|
adf540 |
--with-cyrus-sasl \
|
|
|
adf540 |
--without-fetch \
|
|
|
adf540 |
--with-threads \
|
|
|
adf540 |
--with-pic \
|
|
|
adf540 |
--with-gnu-ld \
|
|
|
adf540 |
\
|
|
|
adf540 |
--libexecdir=%{_libdir}
|
|
|
adf540 |
|
|
|
adf540 |
make %{_smp_mflags}
|
|
|
adf540 |
|
|
|
adf540 |
# build mdb_* tools
|
|
|
adf540 |
pushd libraries/liblmdb
|
|
|
adf540 |
export XCFLAGS="$CFLAGS"
|
|
|
adf540 |
make %{_smp_mflags}
|
|
|
adf540 |
popd
|
|
|
adf540 |
popd
|
|
|
adf540 |
|
|
|
adf540 |
pushd ltb-project-openldap-ppolicy-check-password-%{check_password_version}
|
|
|
adf540 |
make LDAP_INC="-I../openldap-%{version}/include \
|
|
|
adf540 |
-I../openldap-%{version}/servers/slapd \
|
|
|
adf540 |
-I../openldap-%{version}/build-servers/include"
|
|
|
adf540 |
popd
|
|
|
adf540 |
|
|
|
adf540 |
%install
|
|
|
adf540 |
|
|
|
adf540 |
mkdir -p %{buildroot}%{_libdir}/
|
|
|
adf540 |
|
|
|
adf540 |
pushd openldap-%{version}
|
|
|
adf540 |
make install DESTDIR=%{buildroot} STRIP=""
|
|
|
adf540 |
pushd libraries/liblmdb
|
|
|
adf540 |
make install DESTDIR=%{buildroot}
|
|
|
adf540 |
popd
|
|
|
adf540 |
popd
|
|
|
adf540 |
|
|
|
adf540 |
# install check_password module
|
|
|
adf540 |
pushd ltb-project-openldap-ppolicy-check-password-%{check_password_version}
|
|
|
adf540 |
mv check_password.so check_password.so.%{check_password_version}
|
|
|
adf540 |
ln -s check_password.so.%{check_password_version} %{buildroot}%{_libdir}/openldap/check_password.so
|
|
|
adf540 |
install -m 755 check_password.so.%{check_password_version} %{buildroot}%{_libdir}/openldap/
|
|
|
adf540 |
# install -m 644 README %{buildroot}%{_libdir}/openldap
|
|
|
adf540 |
install -d -m 755 %{buildroot}%{_sysconfdir}/openldap
|
|
|
adf540 |
cat > %{buildroot}%{_sysconfdir}/openldap/check_password.conf <
|
|
|
adf540 |
# OpenLDAP pwdChecker library configuration
|
|
|
adf540 |
|
|
|
adf540 |
#useCracklib 1
|
|
|
adf540 |
#minPoints 3
|
|
|
adf540 |
#minUpper 0
|
|
|
adf540 |
#minLower 0
|
|
|
adf540 |
#minDigit 0
|
|
|
adf540 |
#minPunct 0
|
|
|
adf540 |
EOF
|
|
|
adf540 |
mv README{,.check_pwd}
|
|
|
adf540 |
popd
|
|
|
adf540 |
|
|
|
adf540 |
# setup directories for TLS certificates
|
|
|
adf540 |
mkdir -p %{buildroot}%{_sysconfdir}/openldap/certs
|
|
|
adf540 |
|
|
|
adf540 |
# setup data and runtime directories
|
|
|
adf540 |
mkdir -p %{buildroot}%{_sharedstatedir}
|
|
|
adf540 |
mkdir -p %{buildroot}%{_localstatedir}
|
|
|
adf540 |
install -m 0700 -d %{buildroot}%{_sharedstatedir}/ldap
|
|
|
adf540 |
install -m 0755 -d %{buildroot}%{_localstatedir}/run/openldap
|
|
|
adf540 |
|
|
|
adf540 |
# setup autocreation of runtime directories on tmpfs
|
|
|
adf540 |
mkdir -p %{buildroot}%{_tmpfilesdir}/
|
|
|
adf540 |
install -m 0644 %SOURCE3 %{buildroot}%{_tmpfilesdir}/slapd.conf
|
|
|
adf540 |
install -m 0644 %SOURCE6 %{buildroot}%{_tmpfilesdir}/openldap.conf
|
|
|
adf540 |
|
|
|
adf540 |
# install default ldap.conf (customized)
|
|
|
adf540 |
rm -f %{buildroot}%{_sysconfdir}/openldap/ldap.conf
|
|
|
adf540 |
install -m 0644 %SOURCE5 %{buildroot}%{_sysconfdir}/openldap/ldap.conf
|
|
|
adf540 |
|
|
|
adf540 |
# setup maintainance scripts
|
|
|
adf540 |
mkdir -p %{buildroot}%{_libexecdir}
|
|
|
adf540 |
install -m 0755 -d %{buildroot}%{_libexecdir}/openldap
|
|
|
adf540 |
install -m 0644 %SOURCE50 %{buildroot}%{_libexecdir}/openldap/functions
|
|
|
adf540 |
install -m 0755 %SOURCE51 %{buildroot}%{_libexecdir}/openldap/convert-config.sh
|
|
|
adf540 |
install -m 0755 %SOURCE52 %{buildroot}%{_libexecdir}/openldap/check-config.sh
|
|
|
adf540 |
install -m 0755 %SOURCE53 %{buildroot}%{_libexecdir}/openldap/upgrade-db.sh
|
|
|
adf540 |
install -m 0755 %SOURCE54 %{buildroot}%{_libexecdir}/openldap/create-certdb.sh
|
|
|
adf540 |
install -m 0755 %SOURCE55 %{buildroot}%{_libexecdir}/openldap/generate-server-cert.sh
|
|
|
adf540 |
install -m 0755 %SOURCE56 %{buildroot}%{_libexecdir}/openldap/update-ppolicy-schema.sh
|
|
|
adf540 |
|
|
|
adf540 |
# install mdb_* tools
|
|
|
adf540 |
mv %{buildroot}/usr/local/bin/mdb_{copy,dump,load,stat} %{buildroot}%{_libexecdir}/openldap/
|
|
|
adf540 |
mkdir -p %{buildroot}%{_libexecdir}/openldap/man/man1
|
|
|
adf540 |
mv %{buildroot}/usr/local/share/man/man1/mdb_{copy,dump,load,stat}.1 %{buildroot}%{_libexecdir}/openldap/man/man1/
|
|
|
adf540 |
# we don't want the library itself nor header file
|
|
|
adf540 |
rm -f %{buildroot}/usr/local/include/lmdb.h
|
|
|
adf540 |
rm -f %{buildroot}/usr/local/lib/liblmdb.{a,so}
|
|
|
adf540 |
|
|
|
adf540 |
# remove build root from config files and manual pages
|
|
|
adf540 |
perl -pi -e "s|%{buildroot}||g" %{buildroot}%{_sysconfdir}/openldap/*.conf
|
|
|
adf540 |
perl -pi -e "s|%{buildroot}||g" %{buildroot}%{_mandir}/*/*.*
|
|
|
adf540 |
|
|
|
adf540 |
# we don't need the default files -- RPM handles changes
|
|
|
adf540 |
rm -f %{buildroot}%{_sysconfdir}/openldap/*.default
|
|
|
adf540 |
rm -f %{buildroot}%{_sysconfdir}/openldap/schema/*.default
|
|
|
adf540 |
|
|
|
adf540 |
# install an init script for the servers
|
|
|
adf540 |
mkdir -p %{buildroot}%{_unitdir}
|
|
|
adf540 |
install -m 0644 %SOURCE1 %{buildroot}%{_unitdir}/slapd.service
|
|
|
adf540 |
|
|
|
adf540 |
# install syconfig/ldap
|
|
|
adf540 |
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
|
|
|
adf540 |
install -m 644 %SOURCE2 %{buildroot}%{_sysconfdir}/sysconfig/slapd
|
|
|
adf540 |
|
|
|
adf540 |
# move slapd out of _libdir
|
|
|
adf540 |
mv %{buildroot}%{_libdir}/slapd %{buildroot}%{_sbindir}/
|
|
|
adf540 |
|
|
|
adf540 |
# setup tools as symlinks to slapd
|
|
|
adf540 |
rm -f %{buildroot}%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
|
|
adf540 |
rm -f %{buildroot}%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
|
|
adf540 |
for X in acl add auth cat dn index passwd test schema; do ln -s slapd %{buildroot}%{_sbindir}/slap$X ; done
|
|
|
adf540 |
|
|
|
adf540 |
# tweak permissions on the libraries to make sure they're correct
|
|
|
adf540 |
chmod 0755 %{buildroot}%{_libdir}/lib*.so*
|
|
|
adf540 |
chmod 0644 %{buildroot}%{_libdir}/lib*.*a
|
|
|
adf540 |
|
|
|
adf540 |
# slapd.conf(5) is obsoleted since 2.3, see slapd-config(5)
|
|
|
adf540 |
# new configuration will be generated in %%post
|
|
|
adf540 |
mkdir -p %{buildroot}%{_datadir}
|
|
|
adf540 |
install -m 0755 -d %{buildroot}%{_datadir}/openldap-servers
|
|
|
adf540 |
install -m 0644 %SOURCE4 %{buildroot}%{_datadir}/openldap-servers/slapd.ldif
|
|
|
adf540 |
install -m 0750 -d %{buildroot}%{_sysconfdir}/openldap/slapd.d
|
|
|
adf540 |
rm -f %{buildroot}%{_sysconfdir}/openldap/slapd.conf
|
|
|
adf540 |
rm -f %{buildroot}%{_sysconfdir}/openldap/slapd.ldif
|
|
|
adf540 |
|
|
|
adf540 |
# move doc files out of _sysconfdir
|
|
|
adf540 |
mv %{buildroot}%{_sysconfdir}/openldap/schema/README README.schema
|
|
|
adf540 |
mv %{buildroot}%{_sysconfdir}/openldap/DB_CONFIG.example %{buildroot}%{_datadir}/openldap-servers/DB_CONFIG.example
|
|
|
adf540 |
chmod 0644 openldap-%{version}/servers/slapd/back-sql/rdbms_depend/timesten/*.sh
|
|
|
adf540 |
chmod 0644 %{buildroot}%{_datadir}/openldap-servers/DB_CONFIG.example
|
|
|
adf540 |
|
|
|
adf540 |
# remove files which we don't want packaged
|
|
|
adf540 |
rm -f %{buildroot}%{_libdir}/*.la
|
|
|
adf540 |
mv %{buildroot}%{_libdir}/openldap/check_password.so{,.tmp}
|
|
|
adf540 |
rm -f %{buildroot}%{_libdir}/openldap/*.so
|
|
|
adf540 |
mv %{buildroot}%{_libdir}/openldap/check_password.so{.tmp,}
|
|
|
adf540 |
|
|
|
adf540 |
rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example
|
|
|
adf540 |
rmdir %{buildroot}%{_localstatedir}/openldap-data
|
|
|
adf540 |
|
|
|
adf540 |
%post
|
|
|
adf540 |
# create certificate database
|
|
|
adf540 |
%{_libexecdir}/openldap/create-certdb.sh >&/dev/null || :
|
|
|
adf540 |
|
|
|
adf540 |
%postun
|
|
|
adf540 |
#update only on package erase
|
|
|
adf540 |
if [ $1 == 0 ]; then
|
|
|
adf540 |
/sbin/ldconfig
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
%pre servers
|
|
|
adf540 |
|
|
|
adf540 |
# create ldap user and group
|
|
|
adf540 |
getent group ldap &>/dev/null || groupadd -r -g 55 ldap
|
|
|
adf540 |
getent passwd ldap &>/dev/null || \
|
|
|
adf540 |
useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap
|
|
|
adf540 |
|
|
|
adf540 |
if [ $1 -eq 2 ]; then
|
|
|
adf540 |
# package upgrade
|
|
|
adf540 |
|
|
|
adf540 |
old_version=$(rpm -q --qf=%%{version} openldap-servers)
|
|
|
adf540 |
new_version=%{version}
|
|
|
adf540 |
|
|
|
adf540 |
if [ "$old_version" != "$new_version" ]; then
|
|
|
adf540 |
touch %{_sharedstatedir}/ldap/rpm_upgrade_openldap &>/dev/null
|
|
|
adf540 |
fi
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
exit 0
|
|
|
adf540 |
|
|
|
adf540 |
|
|
|
adf540 |
%post servers
|
|
|
adf540 |
|
|
|
adf540 |
/sbin/ldconfig -n %{_libdir}/openldap
|
|
|
adf540 |
|
|
|
adf540 |
%systemd_post slapd.service
|
|
|
adf540 |
|
|
|
adf540 |
# generate sample TLS certificate for server (will not replace)
|
|
|
adf540 |
%{_libexecdir}/openldap/generate-server-cert.sh -o &>/dev/null || :
|
|
|
adf540 |
|
|
|
adf540 |
# generate/upgrade configuration
|
|
|
adf540 |
if [ ! -f %{_sysconfdir}/openldap/slapd.d/cn=config.ldif ]; then
|
|
|
adf540 |
if [ -f %{_sysconfdir}/openldap/slapd.conf ]; then
|
|
|
adf540 |
%{_libexecdir}/openldap/convert-config.sh &>/dev/null
|
|
|
adf540 |
mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak
|
|
|
adf540 |
else
|
|
|
adf540 |
%{_libexecdir}/openldap/convert-config.sh -f %{_datadir}/openldap-servers/slapd.ldif &>/dev/null
|
|
|
adf540 |
fi
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
start_slapd=0
|
|
|
adf540 |
|
|
|
adf540 |
# upgrade the database
|
|
|
adf540 |
if [ -f %{_sharedstatedir}/ldap/rpm_upgrade_openldap ]; then
|
|
|
adf540 |
if %{systemctl_bin} --quiet is-active slapd.service; then
|
|
|
adf540 |
%{systemctl_bin} stop slapd.service
|
|
|
adf540 |
start_slapd=1
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
%{_libexecdir}/openldap/upgrade-db.sh &>/dev/null
|
|
|
adf540 |
rm -f %{_sharedstatedir}/ldap/rpm_upgrade_openldap
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
# ensure ppolicy schema updated (bug #1487857)
|
|
|
adf540 |
if [ $1 -eq 2 ]; then
|
|
|
adf540 |
if [ -f %{_sysconfdir}/openldap/slapd.d/cn=config.ldif ]; then
|
|
|
adf540 |
%{_libexecdir}/openldap/update-ppolicy-schema.sh &>/dev/null
|
|
|
adf540 |
fi
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
# conversion from /etc/sysconfig/ldap to /etc/sysconfig/slapd
|
|
|
adf540 |
if [ $1 -eq 2 ]; then
|
|
|
adf540 |
# we expect that 'ldap' will be renamed to 'ldap.rpmsave' after removing the old package
|
|
|
adf540 |
if [ -r %{_sysconfdir}/sysconfig/ldap ]; then
|
|
|
adf540 |
source %{_sysconfdir}/sysconfig/ldap &>/dev/null
|
|
|
adf540 |
|
|
|
adf540 |
new_urls=
|
|
|
adf540 |
[ "$SLAPD_LDAP" != "no" ] && new_urls="$new_urls ldap:///"
|
|
|
adf540 |
[ "$SLAPD_LDAPI" != "no" ] && new_urls="$new_urls ldapi:///"
|
|
|
adf540 |
[ "$SLAPD_LDAPS" == "yes" ] && new_urls="$new_urls ldaps:///"
|
|
|
adf540 |
[ -n "$SLAPD_URLS" ] && new_urls="$new_urls $SLAPD_URLS"
|
|
|
adf540 |
|
|
|
adf540 |
failure=0
|
|
|
adf540 |
cp -f %{_sysconfdir}/sysconfig/slapd %{_sysconfdir}/sysconfig/slapd.rpmconvert
|
|
|
adf540 |
sed -i '/^#\?SLAPD_URLS=/s@.*@SLAPD_URLS="'"$new_urls"'"@' %{_sysconfdir}/sysconfig/slapd.rpmconvert &>/dev/null || failure=1
|
|
|
adf540 |
[ -n "$SLAPD_OPTIONS" ] && \
|
|
|
adf540 |
sed -i '/^#\?SLAPD_OPTIONS=/s@.*$@SLAPD_OPTIONS="'"$SLAPD_OPTIONS"'"@' %{_sysconfdir}/sysconfig/slapd.rpmconvert &>/dev/null || failure=1
|
|
|
adf540 |
|
|
|
adf540 |
if [ $failure -eq 0 ]; then
|
|
|
adf540 |
mv -f %{_sysconfdir}/sysconfig/slapd.rpmconvert %{_sysconfdir}/sysconfig/slapd
|
|
|
adf540 |
else
|
|
|
adf540 |
rm -f %{_sysconfdir}/sysconfig/slapd.rpmconvert
|
|
|
adf540 |
fi
|
|
|
adf540 |
fi
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
# restart after upgrade
|
|
|
adf540 |
if [ $1 -ge 1 ]; then
|
|
|
adf540 |
if [ $start_slapd -eq 1 ]; then
|
|
|
adf540 |
%{systemctl_bin} start slapd.service &>/dev/null || :
|
|
|
adf540 |
else
|
|
|
adf540 |
%{systemctl_bin} condrestart slapd.service &>/dev/null || :
|
|
|
adf540 |
fi
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
exit 0
|
|
|
adf540 |
|
|
|
adf540 |
%preun servers
|
|
|
adf540 |
|
|
|
adf540 |
%systemd_preun slapd.service
|
|
|
adf540 |
|
|
|
adf540 |
|
|
|
adf540 |
%postun servers
|
|
|
adf540 |
|
|
|
adf540 |
/sbin/ldconfig ${_libdir}/openldap
|
|
|
adf540 |
%systemd_postun_with_restart slapd.service
|
|
|
adf540 |
|
|
|
adf540 |
|
|
|
adf540 |
%triggerun servers -- openldap-servers < 2.4.26-6
|
|
|
adf540 |
|
|
|
adf540 |
# migration from SysV to systemd
|
|
|
adf540 |
/usr/bin/systemd-sysv-convert --save slapd &>/dev/null || :
|
|
|
adf540 |
/usr/sbin/chkconfig --del slapd &>/dev/null || :
|
|
|
adf540 |
%{systemctl_bin} try-restart slapd.service &>/dev/null || :
|
|
|
adf540 |
|
|
|
adf540 |
|
|
|
adf540 |
%triggerin servers -- libdb
|
|
|
adf540 |
|
|
|
adf540 |
# libdb upgrade (setup for %%triggerun)
|
|
|
adf540 |
if [ $2 -eq 2 ]; then
|
|
|
adf540 |
# we are interested in minor version changes (both versions of libdb are installed at this moment)
|
|
|
adf540 |
if [ "$(rpm -q --qf="%%{version}\n" libdb | sed 's/\.[0-9]*$//' | sort -u | wc -l)" != "1" ]; then
|
|
|
adf540 |
touch %{_sharedstatedir}/ldap/rpm_upgrade_libdb
|
|
|
adf540 |
else
|
|
|
adf540 |
rm -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb
|
|
|
adf540 |
fi
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
exit 0
|
|
|
adf540 |
|
|
|
adf540 |
|
|
|
adf540 |
%triggerun servers -- libdb
|
|
|
adf540 |
|
|
|
adf540 |
# libdb upgrade (finish %%triggerin)
|
|
|
adf540 |
if [ -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb ]; then
|
|
|
adf540 |
if %{systemctl_bin} --quiet is-active slapd.service; then
|
|
|
adf540 |
%{systemctl_bin} stop slapd.service
|
|
|
adf540 |
start=1
|
|
|
adf540 |
else
|
|
|
adf540 |
start=0
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
%{_libexecdir}/openldap/upgrade-db.sh &>/dev/null
|
|
|
adf540 |
rm -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb
|
|
|
adf540 |
|
|
|
adf540 |
[ $start -eq 1 ] && %{systemctl_bin} start slapd.service &>/dev/null
|
|
|
adf540 |
fi
|
|
|
adf540 |
|
|
|
adf540 |
exit 0
|
|
|
adf540 |
|
|
|
adf540 |
|
|
|
adf540 |
%files
|
|
|
adf540 |
%doc openldap-%{version}/ANNOUNCEMENT
|
|
|
adf540 |
%doc openldap-%{version}/CHANGES
|
|
|
adf540 |
%doc openldap-%{version}/COPYRIGHT
|
|
|
adf540 |
%doc openldap-%{version}/LICENSE
|
|
|
adf540 |
%doc openldap-%{version}/README
|
|
|
adf540 |
%dir %{_sysconfdir}/openldap
|
|
|
adf540 |
%dir %{_sysconfdir}/openldap/certs
|
|
|
adf540 |
%config(noreplace) %{_sysconfdir}/openldap/ldap.conf
|
|
|
adf540 |
%config(noreplace) %{_tmpfilesdir}/openldap.conf
|
|
|
adf540 |
%dir %{_libexecdir}/openldap/
|
|
|
adf540 |
%{_libexecdir}/openldap/create-certdb.sh
|
|
|
adf540 |
%{_libdir}/liblber-2.4*.so.*
|
|
|
adf540 |
%{_libdir}/libldap-2.4*.so.*
|
|
|
adf540 |
%{_libdir}/libldap_r-2.4*.so.*
|
|
|
adf540 |
%{_libdir}/libslapi-2.4*.so.*
|
|
|
adf540 |
%{_mandir}/man5/ldif.5*
|
|
|
adf540 |
%{_mandir}/man5/ldap.conf.5*
|
|
|
adf540 |
|
|
|
adf540 |
%files servers
|
|
|
adf540 |
%doc openldap-%{version}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
|
|
adf540 |
%doc openldap-%{version}/doc/guide/admin/*.html
|
|
|
adf540 |
%doc openldap-%{version}/doc/guide/admin/*.png
|
|
|
adf540 |
%doc openldap-%{version}/servers/slapd/back-perl/SampleLDAP.pm
|
|
|
adf540 |
%doc openldap-%{version}/servers/slapd/back-perl/README.back_perl
|
|
|
adf540 |
%doc openldap-%{version}/servers/slapd/back-perl/README.back_perl
|
|
|
adf540 |
%doc ltb-project-openldap-ppolicy-check-password-%{check_password_version}/README.check_pwd
|
|
|
adf540 |
%doc README.schema
|
|
|
adf540 |
%config(noreplace) %dir %attr(0750,ldap,ldap) %{_sysconfdir}/openldap/slapd.d
|
|
|
adf540 |
%config(noreplace) %{_sysconfdir}/openldap/schema
|
|
|
adf540 |
%config(noreplace) %{_sysconfdir}/sysconfig/slapd
|
|
|
adf540 |
%config(noreplace) %{_tmpfilesdir}/slapd.conf
|
|
|
adf540 |
%config(noreplace) %{_sysconfdir}/openldap/check_password.conf
|
|
|
adf540 |
%dir %attr(0700,ldap,ldap) %{_sharedstatedir}/ldap
|
|
|
adf540 |
%dir %attr(-,ldap,ldap) %{_localstatedir}/run/openldap
|
|
|
adf540 |
%{_unitdir}/slapd.service
|
|
|
adf540 |
%{_datadir}/openldap-servers/
|
|
|
adf540 |
%{_libdir}/openldap/accesslog*
|
|
|
adf540 |
%{_libdir}/openldap/auditlog*
|
|
|
adf540 |
%{_libdir}/openldap/allop*
|
|
|
adf540 |
%{_libdir}/openldap/back_dnssrv*
|
|
|
adf540 |
%{_libdir}/openldap/back_ldap*
|
|
|
adf540 |
%{_libdir}/openldap/back_meta*
|
|
|
adf540 |
%{_libdir}/openldap/back_null*
|
|
|
adf540 |
%{_libdir}/openldap/back_passwd*
|
|
|
adf540 |
%{_libdir}/openldap/back_relay*
|
|
|
adf540 |
%{_libdir}/openldap/back_shell*
|
|
|
adf540 |
%{_libdir}/openldap/back_sock*
|
|
|
adf540 |
%{_libdir}/openldap/back_perl*
|
|
|
adf540 |
%{_libdir}/openldap/collect*
|
|
|
adf540 |
%{_libdir}/openldap/constraint*
|
|
|
adf540 |
%{_libdir}/openldap/dds*
|
|
|
adf540 |
%{_libdir}/openldap/deref*
|
|
|
adf540 |
%{_libdir}/openldap/dyngroup*
|
|
|
adf540 |
%{_libdir}/openldap/dynlist*
|
|
|
adf540 |
%{_libdir}/openldap/memberof*
|
|
|
adf540 |
%{_libdir}/openldap/pcache*
|
|
|
adf540 |
%{_libdir}/openldap/ppolicy*
|
|
|
adf540 |
%{_libdir}/openldap/refint*
|
|
|
adf540 |
%{_libdir}/openldap/retcode*
|
|
|
adf540 |
%{_libdir}/openldap/rwm*
|
|
|
adf540 |
%{_libdir}/openldap/seqmod*
|
|
|
adf540 |
%{_libdir}/openldap/pw-sha2*
|
|
|
adf540 |
%{_libdir}/openldap/smbk5pwd*
|
|
|
adf540 |
%{_libdir}/openldap/sssvlv*
|
|
|
adf540 |
%{_libdir}/openldap/syncprov*
|
|
|
adf540 |
%{_libdir}/openldap/translucent*
|
|
|
adf540 |
%{_libdir}/openldap/unique*
|
|
|
adf540 |
%{_libdir}/openldap/valsort*
|
|
|
adf540 |
%{_libdir}/openldap/check_password*
|
|
|
adf540 |
%{_libexecdir}/openldap/functions
|
|
|
adf540 |
%{_libexecdir}/openldap/convert-config.sh
|
|
|
adf540 |
%{_libexecdir}/openldap/check-config.sh
|
|
|
adf540 |
%{_libexecdir}/openldap/upgrade-db.sh
|
|
|
adf540 |
%{_libexecdir}/openldap/generate-server-cert.sh
|
|
|
adf540 |
%{_libexecdir}/openldap/update-ppolicy-schema.sh
|
|
|
adf540 |
%{_libexecdir}/openldap/mdb_*
|
|
|
adf540 |
%{_libexecdir}/openldap/man/man1/mdb_*
|
|
|
adf540 |
%{_sbindir}/sl*
|
|
|
adf540 |
%{_mandir}/man8/*
|
|
|
adf540 |
%{_mandir}/man5/slapd*.5*
|
|
|
adf540 |
%{_mandir}/man5/slapo-*.5*
|
|
|
adf540 |
# obsolete configuration
|
|
|
adf540 |
%ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf
|
|
|
adf540 |
%ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf.bak
|
|
|
adf540 |
|
|
|
adf540 |
%files servers-sql
|
|
|
adf540 |
%doc openldap-%{version}/servers/slapd/back-sql/docs/*
|
|
|
adf540 |
%doc openldap-%{version}/servers/slapd/back-sql/rdbms_depend
|
|
|
adf540 |
%{_libdir}/openldap/back_sql*
|
|
|
adf540 |
|
|
|
adf540 |
%files clients
|
|
|
adf540 |
%{_bindir}/*
|
|
|
adf540 |
%{_mandir}/man1/*
|
|
|
adf540 |
|
|
|
adf540 |
%files devel
|
|
|
adf540 |
%doc openldap-%{version}/doc/drafts openldap-%{version}/doc/rfc
|
|
|
adf540 |
%{_libdir}/lib*.so
|
|
|
adf540 |
%{_includedir}/*
|
|
|
adf540 |
%{_mandir}/man3/*
|
|
|
adf540 |
|
|
|
adf540 |
%changelog
|
|
|
adf540 |
* Tue Dec 18 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-21
|
|
|
adf540 |
- MozNSS Compat. Layer: Protect /tmp/openldap-tlsmc-* files (#1590184)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Aug 21 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-20
|
|
|
adf540 |
- Backport upstream fixes for ITS 7595 - add OpenSSL EC support (#1584922)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Aug 14 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-19
|
|
|
adf540 |
- Backport upstream fixes for ITS 7506 - fix OpenSSL DH params usage (#1584922)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jun 21 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-18
|
|
|
adf540 |
- MozNSS Compat. Layer: Make log messages more clear (#1543955)
|
|
|
adf540 |
- Build with LDAP_USE_NON_BLOCKING_TLS (#1471039)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jun 21 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-17
|
|
|
adf540 |
- MozNSS Compat. Layer: Fix memleaks reported by valgrind (#1575549)
|
|
|
adf540 |
- Reset OPTIND in libexec/functions for getopts to work in subsequent calls (#1564382)
|
|
|
adf540 |
- MozNSS Compat. Layer: Fix typos, and spelling in the README file header (#1543451)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Apr 4 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-16
|
|
|
adf540 |
- fix: back-ldap StartTLS short connection timeout with high latency connections (#1540336)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Mar 29 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-14
|
|
|
adf540 |
- MozNSS Compat. Layer: Enforce fail when cannot extract CA certs (#1547922)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jan 31 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-13
|
|
|
adf540 |
- MozNSS Compat. Layer: fix recursive directory deletion (#1516409)
|
|
|
adf540 |
- MozNSS Compat. Layer: fix PIN disclaimer not always shown (#1516409)
|
|
|
adf540 |
- MozNSS Compat. Layer: fix incorrect parsing of CACertDir (#1533955)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jan 11 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-12
|
|
|
adf540 |
- MozNSS Compat. Layer: Ensure consistency of a PEM dir before usage (#1516409)
|
|
|
adf540 |
+ Warn just before use of a PIN about key file extraction
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jan 10 2018 Matus Honek <mhonek@redhat.com> - 2.4.44-11
|
|
|
adf540 |
- MozNSS Compat. Layer: Enable usage of NSS DB with PEM cert/key (#1525485)
|
|
|
adf540 |
+ Fix a possible invalid dereference (covscan)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Nov 28 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-10
|
|
|
adf540 |
- Drop update-ppolicy-schema.sh scriptlet's output (#1487857)
|
|
|
adf540 |
- Fix issues in MozNSS compatibility layer (#1400578)
|
|
|
adf540 |
+ Force write file with fsync to avoid race conditions
|
|
|
adf540 |
+ Always filestamp both sql and dbm NSS DB variants to not rely on default DB type prefix
|
|
|
adf540 |
+ Allow missing cert and key which is a valid usecase
|
|
|
adf540 |
+ Create extraction folder only in /tmp to simplify selinux rules
|
|
|
adf540 |
+ Fix Covscan issues
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Nov 3 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-9
|
|
|
adf540 |
- Build with OpenSSL and MozNSS compatibility layer instead of MozNSS (#1400578)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Nov 2 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-8
|
|
|
adf540 |
- fix: Upgrading to OpenLDAP >= 2.4.43 breaks server due to ppolicy changes (#1487857)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Nov 2 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-7
|
|
|
adf540 |
- fix: Manpage incorrectly states ./ldaprc config file is used (#1498841)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Nov 2 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-6
|
|
|
adf540 |
- fix: Upgrading openldap-servers does not restart slapd when rebasing (#1479309)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jun 6 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-5
|
|
|
adf540 |
- fix CVE-2017-9287 openldap: Double free vulnerability in servers/slapd/back-mdb/search.c (#1458210)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Mar 24 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-4
|
|
|
adf540 |
- NSS: Include some CHACHA20POLY1305 ciphers (#1432907)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Mar 15 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-3
|
|
|
adf540 |
- NSS: re-register NSS_Shutdown callback (#1405354)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Mar 15 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-2
|
|
|
adf540 |
- Include MDB tools in openldap-servers (#1428740)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jan 4 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-1
|
|
|
adf540 |
- Rebase to openldap-2.4.44 (#1386365)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Aug 17 2016 Matus Honek <mhonek@redhat.com> - 2.4.40-13
|
|
|
adf540 |
- fix: Bad log levels in check_password module
|
|
|
adf540 |
- fix: We can't search expected entries from LDAP server
|
|
|
adf540 |
- fix: OpenLDAP ciphersuite parsing doesn't match OpenSSL ciphers man page
|
|
|
adf540 |
+ Add TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 to list of ciphers
|
|
|
adf540 |
+ Add DH cipher string parsing option
|
|
|
adf540 |
+ Correct handling kECDH ciphers with aRSA or aECDSA
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jul 1 2016 Matus Honek <mhonek@redhat.com> - 2.4.40-12
|
|
|
adf540 |
- fix: slapd crash in do_search (#1316450)
|
|
|
adf540 |
- fix: Setting olcTLSProtocolMin does not change supported protocols (#1249093)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon May 30 2016 Matus Honek <mhonek@redhat.com> - 2.4.40-11
|
|
|
adf540 |
- fix: correct inconsistent slapd.d directory permissions (#1255433)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon May 30 2016 Matus Honek <mhonek@redhat.com> - 2.4.40-10
|
|
|
adf540 |
- fix: slapd fails to start on boot (#1315958)
|
|
|
adf540 |
- fix: id_query option is not available after rebasing openldap to 2.4.39 (#1311832)
|
|
|
adf540 |
- Include sha2 module (#1292568)
|
|
|
adf540 |
- Compile AllOp together with other overlays (#990893)
|
|
|
adf540 |
- Missing mutex unlock in accesslog overlay (#1261003)
|
|
|
adf540 |
- ITS#8337 fix missing olcDbChecksum config attr (#1292590)
|
|
|
adf540 |
- ITS#8003 fix off-by-one in LDIF length (#1292619)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 22 2016 Matúš Honěk <mhonek@redhat.com> - 2.4.40-9
|
|
|
adf540 |
- fix: nslcd segfaults due to incorrect mutex initialization (#1294385)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Sep 23 2015 Matúš Honěk <mhonek@redhat.com> - 2.4.40-8
|
|
|
adf540 |
- NSS does not support string ordering (#1231522)
|
|
|
adf540 |
- implement and correct order of parsing attributes (#1231522)
|
|
|
adf540 |
- add multi_mask and multi_strength to correctly handle sets of attributes (#1231522)
|
|
|
adf540 |
- add new cipher suites and correct AES-GCM attributes (#1245279)
|
|
|
adf540 |
- correct DEFAULT ciphers handling to exclude eNULL cipher suites (#1245279)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Sep 14 2015 Matúš Honěk <mhonek@redhat.com> - 2.4.40-7
|
|
|
adf540 |
- Merge two MozNSS cipher suite definition patches into one. (#1245279)
|
|
|
adf540 |
- Use what NSS considers default for DEFAULT cipher string. (#1245279)
|
|
|
adf540 |
- Remove unnecesary defaults from ciphers' definitions (#1245279)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Sep 01 2015 Matúš Honěk <mhonek@redhat.com> - 2.4.40-6
|
|
|
adf540 |
- fix: OpenLDAP shared library destructor triggers memory leaks in NSPR (#1249977)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jul 24 2015 Matúš Honěk <mhonek@redhat.com> - 2.4.40-5
|
|
|
adf540 |
- enhancement: support TLS 1.1 and later (#1231522,#1160467)
|
|
|
adf540 |
- fix: openldap ciphersuite parsing code handles masks incorrectly (#1231522)
|
|
|
adf540 |
- fix the patch in commit da1b5c (fix: OpenLDAP crash in NSS shutdown handling) (#1231228)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jun 29 2015 Matúš Honěk <mhonek@redhat.com> - 2.4.40-4
|
|
|
adf540 |
- fix: rpm -V complains (#1230263) -- make the previous fix do what was intended
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jun 22 2015 Matúš Honěk <mhonek@redhat.com> - 2.4.40-3
|
|
|
adf540 |
- fix: rpm -V complains (#1230263)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jun 3 2015 Matúš Honěk <mhonek@redhat.com> - 2.4.40-2
|
|
|
adf540 |
- fix: missing frontend database indexing (#1226600)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed May 20 2015 Matúš Honěk <mhonek@redhat.com> - 2.4.40-1
|
|
|
adf540 |
- new upstream release (#1147982)
|
|
|
adf540 |
- fix: PIE and RELRO check (#1092562)
|
|
|
adf540 |
- fix: slaptest doesn't convert perlModuleConfig lines (#1184585)
|
|
|
adf540 |
- fix: OpenLDAP crash in NSS shutdown handling (#1158005)
|
|
|
adf540 |
- fix: slapd.service may fail to start if binding to NIC ip (#1198781)
|
|
|
adf540 |
- fix: deadlock during SSL_ForceHandshake when getting connection to replica (#1125152)
|
|
|
adf540 |
- improve check_password (#1174723, #1196243)
|
|
|
adf540 |
- provide an unversioned symlink to check_password.so.1.1 (#1174634)
|
|
|
adf540 |
- add findutils to requires (#1209229)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Dec 4 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.39-6
|
|
|
adf540 |
- refix: slapd.ldif olcFrontend missing important/required objectclass (#1132094)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Nov 28 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.39-5
|
|
|
adf540 |
- add documentation reference to service file (#1087288)
|
|
|
adf540 |
- fix: tls_reqcert try has bad behavior (#1027613)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Nov 25 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.39-4
|
|
|
adf540 |
- support TLS 1.1 and later (#1160468)
|
|
|
adf540 |
- fix: /etc/openldap/certs directory is empty after installation (#1064251)
|
|
|
adf540 |
- fix: Typo in script to generate /usr/libexec/openldap/generate-server-cert.sh (#1087490)
|
|
|
adf540 |
- fix: remove correct tmp file when generating server cert (#1103101)
|
|
|
adf540 |
- fix: slapd.ldif olcFrontend missing important/required objectclass (#1132094)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Feb 26 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.39-3
|
|
|
adf540 |
- move tmpfiles config to correct location (#1069513)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Feb 5 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.39-2
|
|
|
adf540 |
- CVE-2013-4449: segfault on certain queries with rwm overlay (#1061405)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jan 30 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.39-1
|
|
|
adf540 |
- new upstream release (#1040324)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.4.35-12
|
|
|
adf540 |
- Mass rebuild 2014-01-24
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jan 16 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.35-11
|
|
|
adf540 |
- fix: missing EOL at the end of default /etc/openldap/ldap.conf (#1053005)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.4.35-10
|
|
|
adf540 |
- Mass rebuild 2013-12-27
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Dec 17 2013 Jan Synáček <jsynacek@redhat.com> - 2.4.35-9
|
|
|
adf540 |
- fix: more typos in manpages (#948562)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Nov 13 2013 Jan Synáček <jsynacek@redhat.com> - 2.4.35-8
|
|
|
adf540 |
- fix: slaptest incorrectly handles 'include' directives containing a custom file (#1023415)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Oct 14 2013 Jan Synáček <jsynacek@redhat.com> - 2.4.35-7
|
|
|
adf540 |
- fix: CLDAP is broken for IPv6 (#1007421)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Sep 4 2013 Jan Synáček <jsynacek@redhat.com> - 2.4.35-6
|
|
|
adf540 |
- fix: typos in manpages (#948562)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jun 14 2013 Jan Synáček <jsynacek@redhat.com> - 2.4.35-5
|
|
|
adf540 |
- fix: using slaptest to convert slapd.conf to LDIF format ignores "loglevel 0"
|
|
|
adf540 |
|
|
|
adf540 |
* Thu May 09 2013 Jan Synáček <jsynacek@redhat.com> 2.4.35-4
|
|
|
adf540 |
- do not needlessly run ldconfig after installing openldap-devel
|
|
|
adf540 |
- fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on (#960222)
|
|
|
adf540 |
- fix: lt_dlopen() with back_perl (#960048)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Apr 09 2013 Jan Synáček <jsynacek@redhat.com> 2.4.35-3
|
|
|
adf540 |
- fix: minor documentation fixes
|
|
|
adf540 |
- set SASL_NOCANON to on by default (#949864)
|
|
|
adf540 |
- remove trailing spaces
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Apr 05 2013 Jan Synáček <jsynacek@redhat.com> 2.4.35-2
|
|
|
adf540 |
- drop the evolution patch
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Apr 02 2013 Jan Synáček <jsynacek@redhat.com> 2.4.35-1
|
|
|
adf540 |
- new upstream release (#947235)
|
|
|
adf540 |
- fix: slapd.service should ensure that network is up before starting (#946921)
|
|
|
adf540 |
- fix: NSS related resource leak (#929357)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Mar 18 2013 Jan Synáček <jsynacek@redhat.com> 2.4.34-2
|
|
|
adf540 |
- fix: syncrepl push DELETE operation does not recover (#920482)
|
|
|
adf540 |
- run autoreconf every build, drop autoreconf patch (#926280)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Mar 11 2013 Jan Synáček <jsynacek@redhat.com> 2.4.34-1
|
|
|
adf540 |
- enable perl backend (#820547)
|
|
|
adf540 |
- package ppolicy-check-password (#829749)
|
|
|
adf540 |
- add perl specific BuildRequires
|
|
|
adf540 |
- fix bogus dates
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Mar 06 2013 Jan Vcelak <jvcelak@fedoraproject.org> 2.4.34-1
|
|
|
adf540 |
- new upstream release (#917603)
|
|
|
adf540 |
- fix: slapcat segfaults if cn=config.ldif not present (#872784)
|
|
|
adf540 |
- use systemd-rpm macros in spec file (#850247)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jan 31 2013 Jan Synáček <jsynacek@redhat.com> 2.4.33-4
|
|
|
adf540 |
- rebuild against new cyrus-sasl
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 31 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.33-3
|
|
|
adf540 |
- fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR (#857455)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Oct 12 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.33-2
|
|
|
adf540 |
- fix: slapd with rwm overlay segfault following ldapmodify (#865685)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Oct 11 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.33-1
|
|
|
adf540 |
- new upstream release:
|
|
|
adf540 |
+ slapd: ACLs, syncrepl
|
|
|
adf540 |
+ backends: locking and memory management in MDB
|
|
|
adf540 |
+ manpages: slapo-refint
|
|
|
adf540 |
- patch update: MozNSS certificate database in SQL format cannot be used (#860317)
|
|
|
adf540 |
- fix: slapd.service should not use /tmp (#859019)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Sep 14 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.32-3
|
|
|
adf540 |
- fix: some TLS ciphers cannot be enabled (#852338)
|
|
|
adf540 |
- fix: connection hangs after fallback to second server when certificate hostname verification fails (#852476)
|
|
|
adf540 |
- fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded (#852786)
|
|
|
adf540 |
- fix: MozNSS certificate database in SQL format cannot be used (#857373)
|
|
|
adf540 |
- fix: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR (#857455)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Aug 20 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.32-2
|
|
|
adf540 |
- enhancement: TLS, prefer private keys from authenticated slots
|
|
|
adf540 |
- enhancement: TLS, allow certificate specification including token name
|
|
|
adf540 |
- resolve TLS failures in replication in 389 Directory Server
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Aug 01 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.32-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
+ library: double free, SASL handling
|
|
|
adf540 |
+ tools: read SASL_NOCANON from config file
|
|
|
adf540 |
+ slapd: config index renumbering, duplicate error response
|
|
|
adf540 |
+ backends: various fixes in mdb, bdb/hdb, ldap
|
|
|
adf540 |
+ accesslog, syncprov: fix memory leaks in with replication
|
|
|
adf540 |
+ sha2: portability, thread safety, support SSHA256,384,512
|
|
|
adf540 |
+ documentation fixes
|
|
|
adf540 |
|
|
|
adf540 |
* Sat Jul 21 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-7
|
|
|
adf540 |
- fix: slapd refuses to set up TLS with self-signed PEM certificate (#842022)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jul 20 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-6
|
|
|
adf540 |
- multilib fix: move libslapi from openldap-servers to openldap package
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jul 19 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-5
|
|
|
adf540 |
- fix: querying for IPv6 DNS records when IPv6 is disabled on the host (#835013)
|
|
|
adf540 |
- fix: smbk5pwd module computes invalid LM hashes (#841560)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-4
|
|
|
adf540 |
- modify the package build process
|
|
|
adf540 |
+ fix autoconfig files to detect Mozilla NSS library using pkg-config
|
|
|
adf540 |
+ remove compiler flags which are not needed currently
|
|
|
adf540 |
+ build server, client and library together
|
|
|
adf540 |
+ avoid stray dependencies by using --as-needed linker flag
|
|
|
adf540 |
+ enable SLAPI interface in slapd
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jun 27 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-3
|
|
|
adf540 |
- update fix: count constraint broken when using multiple modifications (#795766)
|
|
|
adf540 |
- fix: invalid order of TLS shutdown operations (#808464)
|
|
|
adf540 |
- fix: TLS error messages overwriting in tlsm_verify_cert() (#810462)
|
|
|
adf540 |
- fix: reading pin from file can make all TLS connections hang (#829317)
|
|
|
adf540 |
- CVE-2012-2668: cipher suite selection by name can be ignored (#825875)
|
|
|
adf540 |
- fix: slapd fails to start on reboot (#829272)
|
|
|
adf540 |
- fix: default cipher suite is always selected (#828790)
|
|
|
adf540 |
- fix: less influence between individual TLS contexts:
|
|
|
adf540 |
- replication with TLS does not work (#795763)
|
|
|
adf540 |
- possibly others
|
|
|
adf540 |
|
|
|
adf540 |
* Fri May 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-2
|
|
|
adf540 |
- fix: nss-tools package is required by the base package, not the server subpackage
|
|
|
adf540 |
- fix: MozNSS CA certdir does not work together with PEM CA cert file (#819536)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Apr 24 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
+ library: IPv6 url detection
|
|
|
adf540 |
+ library: rebinding to failed connections
|
|
|
adf540 |
+ server: various fixes in mdb backend
|
|
|
adf540 |
+ server: various fixes in replication
|
|
|
adf540 |
+ server: various fixes in overlays and minor backends
|
|
|
adf540 |
+ documentation fixes
|
|
|
adf540 |
- remove patches which were merged upstream
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Apr 05 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.30-3
|
|
|
adf540 |
- rebuild due to libdb rebase
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Mar 26 2012 Jan Synáček <jsynacek@redhat.com> 2.4.30-2
|
|
|
adf540 |
- fix: Re-binding to a failed connection can segfault (#784989)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Mar 01 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.30-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
+ server: fixes in mdb backend
|
|
|
adf540 |
+ server: fixes in manual pages
|
|
|
adf540 |
+ server: fixes in syncprov, syncrepl, and pcache
|
|
|
adf540 |
- removed patches which were merged upstream
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Feb 22 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.29-4
|
|
|
adf540 |
- fix: missing options in manual pages of client tools (#796232)
|
|
|
adf540 |
- fix: SASL_NOCANON option missing in ldap.conf manual page (#732915)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Feb 21 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.29-3
|
|
|
adf540 |
- fix: ldap_result does not succeed for sssd (#771484)
|
|
|
adf540 |
- Jan Synáček <jsynacek@redhat.com>:
|
|
|
adf540 |
+ fix: count constraint broken when using multiple modifications (#795766)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 20 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.29-2
|
|
|
adf540 |
- fix update: provide ldif2ldbm, not ldib2ldbm (#437104)
|
|
|
adf540 |
- Jan Synáček <jsynacek@redhat.com>:
|
|
|
adf540 |
+ unify systemctl binary paths throughout the specfile and make them usrmove compliant
|
|
|
adf540 |
+ make path to chkconfig binary usrmove compliant
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Feb 15 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.29-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
+ MozNSS fixes
|
|
|
adf540 |
+ connection handling fixes
|
|
|
adf540 |
+ server: buxfixes in mdb backend
|
|
|
adf540 |
+ server: buxfixes in overlays (syncrepl, meta, monitor, perl, sql, dds, rwm)
|
|
|
adf540 |
- openldap-servers now provide ldib2ldbm (#437104)
|
|
|
adf540 |
- certificates management improvements
|
|
|
adf540 |
+ create empty Mozilla NSS certificate database during installation
|
|
|
adf540 |
+ enable builtin Root CA in generated database (#789088)
|
|
|
adf540 |
+ generate server certificate using Mozilla NSS tools instead of OpenSSL tools
|
|
|
adf540 |
+ fix: correct path to check-config.sh in service file (Jan Synáček <jsynacek@redhat.com>)
|
|
|
adf540 |
- temporarily disable certificates checking in check-config.sh script
|
|
|
adf540 |
- fix: check-config.sh get stuck when executing command as a ldap user
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jan 31 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.28-3
|
|
|
adf540 |
- fix: replication (syncrepl) with TLS causes segfault (#783431)
|
|
|
adf540 |
- fix: slapd segfaults when PEM certificate is used and key is not set (#772890)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.28-2
|
|
|
adf540 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Nov 30 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.28-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
+ server: support for delta-syncrepl in multi master replication
|
|
|
adf540 |
+ server: add experimental backend - MDB
|
|
|
adf540 |
+ server: dynamic configuration for passwd, perl, shell, sock, and sql backends
|
|
|
adf540 |
+ server: support passwords in APR1
|
|
|
adf540 |
+ library: support for Wahl (draft)
|
|
|
adf540 |
+ a lot of bugfixes
|
|
|
adf540 |
- remove patches which were merged upstream
|
|
|
adf540 |
- compile backends as modules (except BDB, HDB, and monitor)
|
|
|
adf540 |
- reload systemd daemon after installation
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Nov 01 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-6
|
|
|
adf540 |
- package cleanup:
|
|
|
adf540 |
+ hardened build: switch from LDFLAGS to RPM macros
|
|
|
adf540 |
+ remove old provides and obsoletes
|
|
|
adf540 |
+ add new slapd maintainance scripts
|
|
|
adf540 |
+ drop defattr macros, clean up permissions in specfile
|
|
|
adf540 |
+ fix rpmlint warnings: macros in comments/changelog
|
|
|
adf540 |
+ fix rpmlint warnings: non UTF-8 documentation
|
|
|
adf540 |
+ rename environment file to be more consistent (ldap -> slapd)
|
|
|
adf540 |
- replace sysv initscript with systemd service file (#
|
|
|
adf540 |
- new format of environment file due to switch to systemd
|
|
|
adf540 |
(automatic conversion is performed)
|
|
|
adf540 |
- patch OpenLDAP to skip empty command line arguments
|
|
|
adf540 |
(arguments expansion in systemd works different than in shell)
|
|
|
adf540 |
- CVE-2011-4079: one-byte buffer overflow in slapd (#749324)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Oct 06 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-5
|
|
|
adf540 |
- rebuild: openldap does not work after libdb rebase (#743824)
|
|
|
adf540 |
- regression fix: openldap built without tcp_wrappers (#743213)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Sep 21 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-4
|
|
|
adf540 |
- new feature update: honor priority/weight with ldap_domain2hostlist (#733078)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Sep 12 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-3
|
|
|
adf540 |
- fix: SSL_ForceHandshake function is not thread safe (#701678)
|
|
|
adf540 |
- fix: allow unsetting of tls_* syncrepl options (#734187)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Aug 24 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-2
|
|
|
adf540 |
- security hardening: library needs partial RELRO support added (#733071)
|
|
|
adf540 |
- fix: NSS_Init* functions are not thread safe (#731112)
|
|
|
adf540 |
- fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819)
|
|
|
adf540 |
- fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818)
|
|
|
adf540 |
- fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)
|
|
|
adf540 |
- fix: DDS overlay tolerance parametr doesn't function and breakes default TTL (#733069)
|
|
|
adf540 |
- manpage fix: errors in manual page slapo-unique (#733070)
|
|
|
adf540 |
- fix: matching wildcard hostnames in certificate Subject field does not work (#733073)
|
|
|
adf540 |
- new feature: honor priority/weight with ldap_domain2hostlist (#733078)
|
|
|
adf540 |
- manpage fix: wrong ldap_sync_destroy() prototype in ldap_sync(3) manpage (#717722)
|
|
|
adf540 |
|
|
|
adf540 |
* Sun Aug 14 2011 Rex Dieter <rdieter@fedoraproject.org> - 2.4.26-1.1
|
|
|
adf540 |
- Rebuilt for rpm (#728707)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 20 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-1
|
|
|
adf540 |
- rebase to new upstream release
|
|
|
adf540 |
- fix: memleak in tlsm_auth_cert_handler (#717730)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jun 27 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.25-1
|
|
|
adf540 |
- rebase to new upstream release
|
|
|
adf540 |
- change default database type from BDB to HDB
|
|
|
adf540 |
- enable ldapi:/// interface by default
|
|
|
adf540 |
- set cn=config management ACLs for root user, SASL external schema (#712495)
|
|
|
adf540 |
- fix: server scriptlets require initscripts package (#716857)
|
|
|
adf540 |
- fix: connection fails if TLS_CACERTDIR doesn't exist but TLS_REQCERT
|
|
|
adf540 |
is set to 'never' (#716854)
|
|
|
adf540 |
- fix: segmentation fault caused by double-free in ldapexop (#699683)
|
|
|
adf540 |
- fix: segmentation fault of client tool when input line in LDIF file
|
|
|
adf540 |
is splitted but indented incorrectly (#716855)
|
|
|
adf540 |
- fix: segmentation fault of client tool when LDIF input file is not terminated
|
|
|
adf540 |
by a new line character (#716858)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Mar 18 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.24-2
|
|
|
adf540 |
- new: system resource limiting for slapd using ulimit
|
|
|
adf540 |
- fix update: openldap can't use TLS after a fork() (#636956)
|
|
|
adf540 |
- fix: possible null pointer dereference in NSS implementation
|
|
|
adf540 |
- fix: openldap-servers upgrade hangs or do not upgrade the database (#664433)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 14 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.24-1
|
|
|
adf540 |
- rebase to 2.4.24
|
|
|
adf540 |
- BDB backend switch from DB4 to DB5
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.23-9
|
|
|
adf540 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Feb 02 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.23-8
|
|
|
adf540 |
- fix update: openldap can't use TLS after a fork() (#636956)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jan 25 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.23-7
|
|
|
adf540 |
- fix: openldap can't use TLS after a fork() (#636956)
|
|
|
adf540 |
- fix: openldap-server upgrade gets stuck when the database is damaged (#664433)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jan 20 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.23-6
|
|
|
adf540 |
- fix: some server certificates refused with inadequate type error (#668899)
|
|
|
adf540 |
- fix: default encryption strength dropped in switch to using NSS (#669446)
|
|
|
adf540 |
- systemd compatibility: add configuration file (#656647, #668223)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jan 06 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.23-5
|
|
|
adf540 |
- initscript: slaptest with '-u' to skip database opening (#667768)
|
|
|
adf540 |
- removed slurpd options from sysconfig/ldap
|
|
|
adf540 |
- fix: verification of self issued certificates (#657984)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 22 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.23-4
|
|
|
adf540 |
- Mozilla NSS - implement full non-blocking semantics
|
|
|
adf540 |
ldapsearch -Z hangs server if starttls fails (#652822)
|
|
|
adf540 |
- updated list of all overlays in slapd.conf (#655899)
|
|
|
adf540 |
- fix database upgrade process (#656257)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Nov 18 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.23-3
|
|
|
adf540 |
- add support for multiple prefixed Mozilla NSS database files in TLS_CACERTDIR
|
|
|
adf540 |
- reject non-file keyfiles in TLS_CACERTDIR (#652315)
|
|
|
adf540 |
- TLS_CACERTDIR precedence over TLS_CACERT (#652304)
|
|
|
adf540 |
- accept only files in hash.0 format in TLS_CACERTDIR (#650288)
|
|
|
adf540 |
- improve SSL/TLS trace messages (#652818)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 01 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.23-2
|
|
|
adf540 |
- fix possible infinite loop when checking permissions of TLS files (#641946)
|
|
|
adf540 |
- removed outdated autofs.schema (#643045)
|
|
|
adf540 |
- removed outdated README.upgrade
|
|
|
adf540 |
- removed relics of migrationtools
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Aug 27 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.23-1
|
|
|
adf540 |
- rebase to 2.4.23
|
|
|
adf540 |
- embeded db4 library removed
|
|
|
adf540 |
- removed bogus links in "SEE ALSO" in several man-pages (#624616)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jul 22 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.22-7
|
|
|
adf540 |
- Mozilla NSS - delay token auth until needed (#616552)
|
|
|
adf540 |
- Mozilla NSS - support use of self signed CA certs as server certs (#614545)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jul 20 2010 Jan Vcelak <jvcelak@redhat.com> - 2.4.22-6
|
|
|
adf540 |
- CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448)
|
|
|
adf540 |
- CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452)
|
|
|
adf540 |
- obsolete configuration file moved to /usr/share/openldap-servers (#612602)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jul 01 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.22-5
|
|
|
adf540 |
- another shot at previous fix
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jul 01 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.22-4
|
|
|
adf540 |
- fixed issue with owner of /usr/lib/ldap/__db.* (#609523)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jun 3 2010 Rich Megginson <rmeggins@redhat.com> - 2.4.22-3
|
|
|
adf540 |
- added ldif.h to the public api in the devel package
|
|
|
adf540 |
- added -lldif to the public api
|
|
|
adf540 |
- added HAVE_MOZNSS and other flags to use Mozilla NSS for crypto
|
|
|
adf540 |
|
|
|
adf540 |
* Tue May 18 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.22-2
|
|
|
adf540 |
- rebuild with connectionless support (#587722)
|
|
|
adf540 |
- updated autofs schema (#584808)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue May 04 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.22-1
|
|
|
adf540 |
- rebased to 2.4.22 (mostly bugfixes, added back-ldif, back-null testing support)
|
|
|
adf540 |
- due to some possible issues pointed out in last update testing phase, I'm
|
|
|
adf540 |
pulling back the last change (slapd can't be moved since it depends on /usr
|
|
|
adf540 |
possibly mounted from network)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Mar 19 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.21-6
|
|
|
adf540 |
- moved slapd to start earlier during boot sequence
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Mar 16 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.21-5
|
|
|
adf540 |
- minor corrections of init script (#571235, #570057, #573804)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Feb 24 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.21-4
|
|
|
adf540 |
- fixed SIGSEGV when deleting data using hdb (#562227)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 01 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.21-3
|
|
|
adf540 |
- fixed broken link /usr/sbin/slapschema (#559873)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jan 19 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.21-2
|
|
|
adf540 |
- removed some static libraries from openldap-devel (#556090)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jan 11 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.21-1
|
|
|
adf540 |
- rebased openldap to 2.4.21
|
|
|
adf540 |
- rebased bdb to 4.8.26
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 23 2009 Jan Zeleny <jzeleny@redhat.com> - 2.4.19-3
|
|
|
adf540 |
- minor corrections in init script
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 16 2009 Jan Zeleny <jzeleny@redhat.com> - 2.4.19-2
|
|
|
adf540 |
- fixed tls connection accepting when TLSVerifyClient = allow
|
|
|
adf540 |
- /etc/openldap/ldap.conf removed from files owned by openldap-servers
|
|
|
adf540 |
- minor changes in spec file to supress warnings
|
|
|
adf540 |
- some changes in init script, so it would be possible to use it when
|
|
|
adf540 |
using old configuration style
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Nov 06 2009 Jan Zeleny <jzeleny@redhat.com> - 2.4.19-1
|
|
|
adf540 |
- rebased openldap to 2.4.19
|
|
|
adf540 |
- rebased bdb to 4.8.24
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 07 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.18-4
|
|
|
adf540 |
- updated smbk5pwd patch to be linked with libldap (#526500)
|
|
|
adf540 |
- the last buffer overflow patch replaced with the one from upstream
|
|
|
adf540 |
- added /etc/openldap/slapd.d and /etc/openldap/slapd.conf.bak
|
|
|
adf540 |
to files owned by openldap-servers
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Sep 24 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.18-3
|
|
|
adf540 |
- cleanup of previous patch fixing buffer overflow
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Sep 22 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.18-2
|
|
|
adf540 |
- changed configuration approach. Instead od slapd.conf slapd
|
|
|
adf540 |
is using slapd.d directory now
|
|
|
adf540 |
- fix of some issues caused by renaming of init script
|
|
|
adf540 |
- fix of buffer overflow issue in ldif.c pointed out by new glibc
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Sep 18 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.18-1
|
|
|
adf540 |
- rebase of openldap to 2.4.18
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Sep 16 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.16-7
|
|
|
adf540 |
- updated documentation (hashing the cacert dir)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Sep 16 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.16-6
|
|
|
adf540 |
- updated init script to be LSB-compliant (#523434)
|
|
|
adf540 |
- init script renamed to slapd
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Aug 27 2009 Tomas Mraz <tmraz@redhat.com> - 2.4.16-5
|
|
|
adf540 |
- rebuilt with new openssl
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Aug 25 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.16-4
|
|
|
adf540 |
- updated %%pre script to correctly install openldap group
|
|
|
adf540 |
|
|
|
adf540 |
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.16-2
|
|
|
adf540 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 01 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.16-1
|
|
|
adf540 |
- rebase of openldap to 2.4.16
|
|
|
adf540 |
- fixed minor issue in spec file (output looking interactive
|
|
|
adf540 |
when installing servers)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jun 09 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.15-4
|
|
|
adf540 |
- added $SLAPD_URLS variable to init script (#504504)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Apr 09 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.15-3
|
|
|
adf540 |
- extended previous patch (#481310) to remove options cfMP
|
|
|
adf540 |
from some client tools
|
|
|
adf540 |
- correction of patch setugid (#494330)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Mar 26 2009 Jan Zeleny <jzeleny@redhat.com> 2.4.15-2
|
|
|
adf540 |
- removed -f option from some client tools (#481310)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Feb 25 2009 Jan Safranek <jsafranek@redhat.com> 2.4.15-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Feb 17 2009 Jan Safranek <jsafranek@redhat.com> 2.4.14-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
- upgraded to db-4.7.25
|
|
|
adf540 |
|
|
|
adf540 |
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 2.4.12-3
|
|
|
adf540 |
- rebuild with new openssl
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Dec 15 2008 Caolán McNamara <caolanm@redhat.com> 2.4.12-2
|
|
|
adf540 |
- rebuild for libltdl, i.e. copy config.sub|guess from new location
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 15 2008 Jan Safranek <jsafranek@redhat.com> 2.4.12-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Oct 13 2008 Jan Safranek <jsafranek@redhat.com> 2.4.11-3
|
|
|
adf540 |
- add SLAPD_SHUTDOWN_TIMEOUT to /etc/sysconfig/ldap, allowing admins
|
|
|
adf540 |
to set non-default slapd shutdown timeout
|
|
|
adf540 |
- add checkpoint to default slapd.conf file (#458679)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Sep 1 2008 Jan Safranek <jsafranek@redhat.com> 2.4.11-2
|
|
|
adf540 |
- provide ldif2ldbm functionality for migrationtools
|
|
|
adf540 |
- rediff all patches to get rid of patch fuzz
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jul 21 2008 Jan Safranek <jsafranek@redhat.com> 2.4.11-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
- apply official bdb-4.6.21 patches
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 2 2008 Jan Safranek <jsafranek@redhat.com> 2.4.10-2
|
|
|
adf540 |
- fix CVE-2008-2952 (#453728)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jun 12 2008 Jan Safranek <jsafranek@redhat.com> 2.4.10-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
|
|
|
adf540 |
* Wed May 28 2008 Jan Safranek <jsafranek@redhat.com> 2.4.9-5
|
|
|
adf540 |
- use /sbin/nologin as shell of ldap user (#447919)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue May 13 2008 Jan Safranek <jsafranek@redhat.com> 2.4.9-4
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
- removed unnecessary MigrationTools patches
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Apr 10 2008 Jan Safranek <jsafranek@redhat.com> 2.4.8-4
|
|
|
adf540 |
- bdb upgraded to 4.6.21
|
|
|
adf540 |
- reworked upgrade logic again to run db_upgrade when bdb version
|
|
|
adf540 |
changes
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Mar 5 2008 Jan Safranek <jsafranek@redhat.com> 2.4.8-3
|
|
|
adf540 |
- reworked the upgrade logic, slapcat/slapadd of the whole database
|
|
|
adf540 |
is needed only if minor version changes (2.3.x -> 2.4.y)
|
|
|
adf540 |
- do not try to save database in LDIF format, if openldap-servers package
|
|
|
adf540 |
is being removed (it's up to the admin to do so manually)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Feb 28 2008 Jan Safranek <jsafranek@redhat.com> 2.4.8-2
|
|
|
adf540 |
- migration tools carved out to standalone package "migrationtools"
|
|
|
adf540 |
(#236697)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Feb 22 2008 Jan Safranek <jsafranek@redhat.com> 2.4.8-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Feb 8 2008 Jan Safranek <jsafranek@redhat.com> 2.4.7-7
|
|
|
adf540 |
- fix CVE-2008-0658 (#432014)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jan 28 2008 Jan Safranek <jsafranek@redhat.com> 2.4.7-6
|
|
|
adf540 |
- init script fixes
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jan 28 2008 Jan Safranek <jsafranek@redhat.com> 2.4.7-5
|
|
|
adf540 |
- init script made LSB-compliant (#247012)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jan 25 2008 Jan Safranek <jsafranek@redhat.com> 2.4.7-4
|
|
|
adf540 |
- fixed rpmlint warnings and errors
|
|
|
adf540 |
- /etc/openldap/schema/README moved to /usr/share/doc/openldap
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jan 22 2008 Jan Safranek <jsafranek@redhat.com> 2.4.7-3
|
|
|
adf540 |
- obsoleting compat-openldap properly again :)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jan 22 2008 Jan Safranek <jsafranek@redhat.com> 2.4.7-2
|
|
|
adf540 |
- obsoleting compat-openldap properly (#429591)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jan 14 2008 Jan Safranek <jsafranek@redhat.com> 2.4.7-1
|
|
|
adf540 |
- new upstream version (openldap-2.4.7)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Dec 3 2007 Jan Safranek <jsafranek@redhat.com> 2.4.6-1
|
|
|
adf540 |
- new upstream version (openldap-2.4)
|
|
|
adf540 |
- deprecating compat- package
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 5 2007 Jan Safranek <jsafranek@redhat.com> 2.3.39-1
|
|
|
adf540 |
- new upstream release
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Oct 23 2007 Jan Safranek <jsafranek@redhat.com> 2.3.38-4
|
|
|
adf540 |
- fixed multilib issues - all platform independent files have the
|
|
|
adf540 |
same content now (#342791)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Oct 4 2007 Jan Safranek <jsafranek@redhat.com> 2.3.38-3
|
|
|
adf540 |
- BDB downgraded back to 4.4.20 because 4.6.18 is not supported by
|
|
|
adf540 |
openldap (#314821)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Sep 17 2007 Jan Safranek <jsafranek@redhat.com> 2.3.38-2
|
|
|
adf540 |
- skeleton /etc/sysconfig/ldap added
|
|
|
adf540 |
- new SLAPD_LDAP option to turn off listening on ldap:/// (#292591)
|
|
|
adf540 |
- fixed checking of SSL (#292611)
|
|
|
adf540 |
- fixed upgrade with empty database
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Sep 6 2007 Jan Safranek <jsafranek@redhat.com> 2.3.38-1
|
|
|
adf540 |
- new upstream version
|
|
|
adf540 |
- added images to the guide.html (#273581)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Aug 22 2007 Jan Safranek <jsafranek@redhat.com> 2.3.37-3
|
|
|
adf540 |
- just rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Aug 2 2007 Jan Safranek <jsafranek@redhat.com> 2.3.37-2
|
|
|
adf540 |
- do not use specific automake and autoconf
|
|
|
adf540 |
- do not distinguish between NPTL and non-NPTL platforms, we have NPTL
|
|
|
adf540 |
everywhere
|
|
|
adf540 |
- db-4.6.18 integrated
|
|
|
adf540 |
- updated openldap-servers License: field to reference BDB license
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jul 31 2007 Jan Safranek <jsafranek@redhat.com> 2.3.37-1
|
|
|
adf540 |
- new upstream version
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jul 20 2007 Jan Safranek <jsafranek@redhat.com> 2.3.34-7
|
|
|
adf540 |
- MigrationTools-47 integrated
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 4 2007 Jan Safranek <jsafranek@redhat.com> 2.3.34-6
|
|
|
adf540 |
- fix compat-slapcat compilation. Now it can be found in
|
|
|
adf540 |
/usr/lib/compat-openldap/slapcat, because the tool checks argv[0]
|
|
|
adf540 |
(#246581)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jun 29 2007 Jan Safranek <jsafranek@redhat.com> 2.3.34-5
|
|
|
adf540 |
- smbk5pwd added (#220895)
|
|
|
adf540 |
- correctly distribute modules between servers and servers-sql packages
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jun 25 2007 Jan Safranek <jsafranek@redhat.com> 2.3.34-4
|
|
|
adf540 |
- Fix initscript return codes (#242667)
|
|
|
adf540 |
- Provide overlays (as modules; #246036, #245896)
|
|
|
adf540 |
- Add available modules to config file
|
|
|
adf540 |
|
|
|
adf540 |
* Tue May 22 2007 Jan Safranek <jsafranek@redhat.com> 2.3.34-3
|
|
|
adf540 |
- do not create script in /tmp on startup (bz#188298)
|
|
|
adf540 |
- add compat-slapcat to openldap-compat (bz#179378)
|
|
|
adf540 |
- do not import ddp services with migrate_services.pl
|
|
|
adf540 |
(bz#201183)
|
|
|
adf540 |
- sort the hosts by adders, preventing duplicities
|
|
|
adf540 |
in migrate*nis*.pl (bz#201540)
|
|
|
adf540 |
- start slupd for each replicated database (bz#210155)
|
|
|
adf540 |
- add ldconfig to devel post/postun (bz#240253)
|
|
|
adf540 |
- include misc.schema in default slapd.conf (bz#147805)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Apr 23 2007 Jan Safranek <jsafranek@redhat.com> 2.3.34-2
|
|
|
adf540 |
- slapadd during package update is now quiet (bz#224581)
|
|
|
adf540 |
- use _localstatedir instead of var/ during build (bz#220970)
|
|
|
adf540 |
- bind-libbind-devel removed from BuildRequires (bz#216851)
|
|
|
adf540 |
- slaptest is now quiet during service ldap start, if
|
|
|
adf540 |
there is no error/warning (bz#143697)
|
|
|
adf540 |
- libldap_r.so now links with pthread (bz#198226)
|
|
|
adf540 |
- do not strip binaries to produce correct .debuginfo packages
|
|
|
adf540 |
(bz#152516)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 19 2007 Jay Fenlason <fenlason<redhat.com> 2.3.34-1
|
|
|
adf540 |
- New upstream release
|
|
|
adf540 |
- Upgrade the scripts for migrating the database so that they might
|
|
|
adf540 |
actually work.
|
|
|
adf540 |
- change bind-libbind-devel to bind-devel in BuildPreReq
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Dec 4 2006 Thomas Woerner <twoerner@redhat.com> 2.3.30-1.1
|
|
|
adf540 |
- tcp_wrappers has a new devel and libs sub package, therefore changing build
|
|
|
adf540 |
requirement for tcp_wrappers to tcp_wrappers-devel
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Nov 15 2006 Jay Fenlason <fenlason@redhat.com> 2.3.30-1
|
|
|
adf540 |
- New upstream version
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 25 2006 Jay Fenlason <fenlason@redhat.com> 2.3.28-1
|
|
|
adf540 |
- New upstream version
|
|
|
adf540 |
|
|
|
adf540 |
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 2.3.27-4
|
|
|
adf540 |
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Sep 18 2006 Jay Fenlason <fenlason@redhat.com> 2.3.27-3
|
|
|
adf540 |
- Include --enable-multimaster to close
|
|
|
adf540 |
bz#185821: adding slapd_multimaster to the configure options
|
|
|
adf540 |
- Upgade guide.html to the correct one for openladp-2.3.27, closing
|
|
|
adf540 |
bz#190383: openldap 2.3 packages contain the administrator's guide for 2.2
|
|
|
adf540 |
- Remove the quotes from around the slaptestflags in ldap.init
|
|
|
adf540 |
This closes one part of
|
|
|
adf540 |
bz#204593: service ldap fails after having added entries to ldap
|
|
|
adf540 |
- include __db.* in the list of files to check ownership of in
|
|
|
adf540 |
ldap.init, as suggested in
|
|
|
adf540 |
bz#199322: RFE: perform cleanup in ldap.init
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Aug 25 2006 Jay Fenlason <fenlason@redhat.com> 2.3.27-2
|
|
|
adf540 |
- New upstream release
|
|
|
adf540 |
- Include the gethostbyname_r patch so that nss_ldap won't hang
|
|
|
adf540 |
on recursive attemts to ldap_initialize.
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.3.24-2.1
|
|
|
adf540 |
- rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jun 7 2006 Jay Fenlason <fenlason@redhat.com> 2.3.24-2
|
|
|
adf540 |
- New upstream version
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Apr 27 2006 Jay Fenlason <fenlason@redhat.com> 2.3.21-2
|
|
|
adf540 |
- Upgrade to 2.3.21
|
|
|
adf540 |
- Add two upstream patches for db-4.4.20
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 13 2006 Jay Fenlason <fenlason@redhat.com> 2.3.19-4
|
|
|
adf540 |
- Re-fix ldap.init
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.3.19-3.1
|
|
|
adf540 |
- bump again for double-long bug on ppc(64)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Feb 9 2006 Jay Fenlason <fenlason@redhat.com> 2.3.19-3
|
|
|
adf540 |
- Modify the ldap.init script to call runuser correctly.
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.3.19-2.1
|
|
|
adf540 |
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jan 10 2006 Jay Fenlason <fenlason@redhat.com> 2.3.19-2
|
|
|
adf540 |
- Upgrade to 2.3.19, which upstream now considers stable
|
|
|
adf540 |
- Modify the -config.patch, ldap.init, and this spec file to put the
|
|
|
adf540 |
pid file and args file in an ldap-owned openldap subdirectory under
|
|
|
adf540 |
/var/run.
|
|
|
adf540 |
- Move back_sql* out of _sbindir/openldap , which requires
|
|
|
adf540 |
hand-moving slapd and slurpd to _sbindir, and recreating symlinks
|
|
|
adf540 |
by hand.
|
|
|
adf540 |
- Retire openldap-2.3.11-ads.patch, which went upstream.
|
|
|
adf540 |
- Update the ldap.init script to run slaptest as the ldap user rather
|
|
|
adf540 |
than as root. This solves
|
|
|
adf540 |
bz#150172 Startup failure after database problem
|
|
|
adf540 |
- Add to the servers post and preun scriptlets so that on preun, the
|
|
|
adf540 |
database is slapcatted to /var/lib/ldap/upgrade.ldif and the
|
|
|
adf540 |
database files are saved to /var/lib/ldap/rpmorig. On post, if
|
|
|
adf540 |
/var/lib/ldap/upgrade.ldif exists, it is slapadded. This means that
|
|
|
adf540 |
on upgrades from 2.3.16-2 to higher versions, the database files may
|
|
|
adf540 |
be automatically upgraded. Unfortunatly, because of the changes to
|
|
|
adf540 |
the preun scriptlet, users have to do the slapcat, etc by hand when
|
|
|
adf540 |
upgrading to 2.3.16-2. Also note that the /var/lib/ldap/rpmorig
|
|
|
adf540 |
files need to be removed by hand because automatically removing your
|
|
|
adf540 |
emergency fallback files is a bad idea.
|
|
|
adf540 |
- Upgrade internal bdb to db-4.4.20. For a clean upgrade, this will
|
|
|
adf540 |
require that users slapcat their databases into a temp file, move
|
|
|
adf540 |
/var/lib/ldap someplace safe, upgrade the openldap rpms, then
|
|
|
adf540 |
slapadd the temp file.
|
|
|
adf540 |
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
|
adf540 |
- rebuilt
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 21 2005 Jay Fenlason <fenlason@redhat.com> 2.3.11-3
|
|
|
adf540 |
- Remove Requires: cyrus-sasl and cyrus-sasl-md5 from openldap- and
|
|
|
adf540 |
compat-openldap- to close
|
|
|
adf540 |
bz#173313 Remove exlicit 'Requires: cyrus-sasl" + 'Requires: cyrus-sasl-md5'
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Nov 10 2005 Jay Fenlason <fenlason@redhat.com> 2.3.11-2
|
|
|
adf540 |
- Upgrade to 2.3.11, which upstream now considers stable.
|
|
|
adf540 |
- Switch compat-openldap to 2.2.29
|
|
|
adf540 |
- remove references to nss_ldap_build from the spec file
|
|
|
adf540 |
- remove references to 2.0 and 2.1 from the spec file.
|
|
|
adf540 |
- reorganize the build() function slightly in the spec file to limit the
|
|
|
adf540 |
number of redundant and conflicting options passedto configure.
|
|
|
adf540 |
- Remove the attempt to hardlink ldapmodify and ldapadd together, since
|
|
|
adf540 |
the current make install make ldapadd a symlink to ldapmodify.
|
|
|
adf540 |
- Include the -ads patches to allow SASL binds to an Active Directory
|
|
|
adf540 |
server to work. Nalin <nalin@redhat.com> wrote the patch, based on my
|
|
|
adf540 |
broken first attempt.
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Nov 10 2005 Tomas Mraz <tmraz@redhat.com> 2.2.29-3
|
|
|
adf540 |
- rebuilt against new openssl
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Oct 10 2005 Jay Fenlason <fenlason@redhat.com> 2.2.29-2
|
|
|
adf540 |
- New upstream version.
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Sep 29 2005 Jay Fenlason <fenlason@redhat.com> 2.2.28-2
|
|
|
adf540 |
- Upgrade to nev upstream version. This makes the 2.2.*-hop patch obsolete.
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Aug 22 2005 Jay Fenlason <fenlason@redhat.com> 2.2.26-2
|
|
|
adf540 |
- Move the slapd.pem file to /etc/pki/tls/certs
|
|
|
adf540 |
and edit the -config patch to match to close
|
|
|
adf540 |
bz#143393 Creates certificates + keys at an insecure/bad place
|
|
|
adf540 |
- also use _sysconfdir instead of hard-coding /etc
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Aug 11 2005 Jay Fenlason <fenlason@redhat.com>
|
|
|
adf540 |
- Add the tls-fix-connection-test patch to close
|
|
|
adf540 |
bz#161991 openldap password disclosure issue
|
|
|
adf540 |
- add the hop patches to prevent infinite looping when chasing referrals.
|
|
|
adf540 |
OpenLDAP ITS #3578
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Aug 5 2005 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- fix typo in ldap.init (call $klist instead of klist, from Charles Lopes)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu May 19 2005 Nalin Dahyabhai <nalin@redhat.com> 2.2.26-1
|
|
|
adf540 |
- run slaptest with the -u flag if no id2entry db files are found, because
|
|
|
adf540 |
you can't check for read-write access to a non-existent database (#156787)
|
|
|
adf540 |
- add _sysconfdir/openldap/cacerts, which authconfig sets as the
|
|
|
adf540 |
TLS_CACERTDIR path in /etc/openldap/ldap.conf now
|
|
|
adf540 |
- use a temporary wrapper script to launch slapd, in case we have arguments
|
|
|
adf540 |
with embedded whitespace (#158111)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed May 4 2005 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.2.26 (stable 20050429)
|
|
|
adf540 |
- enable the lmpasswd scheme
|
|
|
adf540 |
- print a warning if slaptest fails, slaptest -u succeeds, and one of the
|
|
|
adf540 |
directories listed as the storage location for a given suffix in slapd.conf
|
|
|
adf540 |
contains a readable file named __db.001 (#118678)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Apr 26 2005 Nalin Dahyabhai <nalin@redhat.com> 2.2.25-1
|
|
|
adf540 |
- update to 2.2.25 (release)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Apr 26 2005 Nalin Dahyabhai <nalin@redhat.com> 2.2.24-1
|
|
|
adf540 |
- update to 2.2.24 (stable 20050318)
|
|
|
adf540 |
- export KRB5_KTNAME in the init script, in case it was set in the sysconfig
|
|
|
adf540 |
file but not exported
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Mar 1 2005 Nalin Dahyabhai <nalin@redhat.com> 2.2.23-4
|
|
|
adf540 |
- prefer libresolv to libbind
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Mar 1 2005 Nalin Dahyabhai <nalin@redhat.com> 2.2.23-3
|
|
|
adf540 |
- add bind-libbind-devel and libtool-ltdl-devel buildprereqs
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Mar 1 2005 Tomas Mraz <tmraz@redhat.com> 2.2.23-2
|
|
|
adf540 |
- rebuild with openssl-0.9.7e
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jan 31 2005 Nalin Dahyabhai <nalin@redhat.com> 2.2.23-1
|
|
|
adf540 |
- update to 2.2.23 (stable-20050125)
|
|
|
adf540 |
- update notes on upgrading from earlier versions
|
|
|
adf540 |
- drop slapcat variations for 2.0/2.1, which choke on 2.2's config files
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jan 4 2005 Nalin Dahyabhai <nalin@redhat.com> 2.2.20-1
|
|
|
adf540 |
- update to 2.2.20 (stable-20050103)
|
|
|
adf540 |
- warn about unreadable krb5 keytab files containing "ldap" keys
|
|
|
adf540 |
- warn about unreadable TLS-related files
|
|
|
adf540 |
- own a ref to subdirectories which we create under _libdir/tls
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Nov 2 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.17-0
|
|
|
adf540 |
- rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Sep 30 2004 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.2.17 (stable-20040923) (#135188)
|
|
|
adf540 |
- move nptl libraries into arch-specific subdirectories on x86 boxes
|
|
|
adf540 |
- require a newer glibc which can provide nptl libpthread on i486/i586
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- move slapd startup to earlier in the boot sequence (#103160)
|
|
|
adf540 |
- update to 2.2.15 (stable-20040822)
|
|
|
adf540 |
- change version number on compat-openldap to include the non-compat version
|
|
|
adf540 |
from which it's compiled, otherwise would have to start 2.2.15 at release 3
|
|
|
adf540 |
so that it upgrades correctly
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Aug 19 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.13-2
|
|
|
adf540 |
- build a separate, static set of libraries for openldap-devel with the
|
|
|
adf540 |
non-standard ntlm bind patch applied, for use by the evolution-connector
|
|
|
adf540 |
package (#125579), and installing them under
|
|
|
adf540 |
evolution_connector_prefix)
|
|
|
adf540 |
- provide openldap-evolution-devel = version-release in openldap-devel
|
|
|
adf540 |
so that evolution-connector's source package can require a version of
|
|
|
adf540 |
openldap-devel which provides what it wants
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jul 26 2004 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update administrator guide
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jun 16 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.13-1
|
|
|
adf540 |
- add compat-openldap subpackage
|
|
|
adf540 |
- default to bdb, as upstream does, gambling that we're only going to be
|
|
|
adf540 |
on systems with nptl now
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jun 15 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.13-0
|
|
|
adf540 |
- preliminary 2.2.13 update
|
|
|
adf540 |
- move ucdata to the -servers subpackage where it belongs
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jun 15 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.30-1
|
|
|
adf540 |
- build experimental sql backend as a loadable module
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
|
|
adf540 |
- rebuilt
|
|
|
adf540 |
|
|
|
adf540 |
* Tue May 18 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.30-0
|
|
|
adf540 |
- update to 2.1.30
|
|
|
adf540 |
|
|
|
adf540 |
* Thu May 13 2004 Thomas Woerner <twoerner@redhat.com> 2.1.29-3
|
|
|
adf540 |
- removed rpath
|
|
|
adf540 |
- added pie patch: slapd and slurpd are now pie
|
|
|
adf540 |
- requires libtool >= 1.5.6-2 (PIC libltdl.a)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Apr 16 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.29-2
|
|
|
adf540 |
- move rfc documentation from main to -devel (#121025)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Apr 14 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.29-1
|
|
|
adf540 |
- rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Apr 6 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.29-0
|
|
|
adf540 |
- update to 2.1.29 (stable 20040329)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Mar 29 2004 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- don't build servers with --with-kpasswd, that option hasn't been recognized
|
|
|
adf540 |
since 2.1.23
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> 2.1.25-5.1
|
|
|
adf540 |
- rebuilt
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 23 2004 Tim Waugh <twaugh@redhat.com> 2.1.25-5
|
|
|
adf540 |
- Use ':' instead of '.' as separator for chown.
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
|
|
adf540 |
- rebuilt
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Feb 10 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-4
|
|
|
adf540 |
- remove 'reload' from the init script -- it never worked as intended (#115310)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Feb 4 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-3
|
|
|
adf540 |
- commit that last fix correctly this time
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Feb 3 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-2
|
|
|
adf540 |
- fix incorrect use of find when attempting to detect a common permissions
|
|
|
adf540 |
error in the init script (#114866)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jan 16 2004 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- add bug fix patch for DB 4.2.52
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jan 8 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-1
|
|
|
adf540 |
- change logging facility used from daemon to local4 (#112730, reversing #11047)
|
|
|
adf540 |
BEHAVIOR CHANGE - SHOULD BE MENTIONED IN THE RELEASE NOTES.
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jan 7 2004 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- incorporate fix for logic quasi-bug in slapd's SASL auxprop code (Dave Jones)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Dec 18 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.1.25, now marked STABLE
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Dec 11 2003 Jeff Johnson <jbj@jbj.org> 2.1.22-9
|
|
|
adf540 |
- update to db-4.2.52.
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Oct 23 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-8
|
|
|
adf540 |
- add another section to the ABI note for the TLS libdb so that it's marked as
|
|
|
adf540 |
not needing an executable stack (from Arjan Van de Ven)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Oct 16 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-7
|
|
|
adf540 |
- force bundled libdb to not use O_DIRECT by making it forget that we have it
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 15 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- build bundled libdb for slapd dynamically to make the package smaller,
|
|
|
adf540 |
among other things
|
|
|
adf540 |
- on tls-capable arches, build libdb both with and without shared posix
|
|
|
adf540 |
mutexes, otherwise just without
|
|
|
adf540 |
- disable posix mutexes unconditionally for db 4.0, which shouldn't need
|
|
|
adf540 |
them for the migration cases where it's used
|
|
|
adf540 |
- update to MigrationTools 45
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Sep 25 2003 Jeff Johnson <jbj@jbj.org> 2.1.22-6.1
|
|
|
adf540 |
- upgrade db-4.1.25 to db-4.2.42.
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Sep 12 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-6
|
|
|
adf540 |
- drop rfc822-MailMember.schema, merged into upstream misc.schema at some point
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Aug 27 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- actually require newer libtool, as was intended back in 2.1.22-0, noted as
|
|
|
adf540 |
missed by Jim Richardson
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jul 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-5
|
|
|
adf540 |
- enable rlookups, they don't cost anything unless also enabled in slapd's
|
|
|
adf540 |
configuration file
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-4
|
|
|
adf540 |
- rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jul 17 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-3
|
|
|
adf540 |
- rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-2
|
|
|
adf540 |
- rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jul 15 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-1
|
|
|
adf540 |
- build
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jul 14 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-0
|
|
|
adf540 |
- 2.1.22 now badged stable
|
|
|
adf540 |
- be more aggressive in what we index by default
|
|
|
adf540 |
- use/require libtool 1.5
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jun 30 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.1.22
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
|
|
|
adf540 |
- rebuilt
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jun 3 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.21-1
|
|
|
adf540 |
- update to 2.1.21
|
|
|
adf540 |
- enable ldap, meta, monitor, null, rewrite in slapd
|
|
|
adf540 |
|
|
|
adf540 |
* Mon May 19 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.20-1
|
|
|
adf540 |
- update to 2.1.20
|
|
|
adf540 |
|
|
|
adf540 |
* Thu May 8 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.19-1
|
|
|
adf540 |
- update to 2.1.19
|
|
|
adf540 |
|
|
|
adf540 |
* Mon May 5 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.17-1
|
|
|
adf540 |
- switch to db with crypto
|
|
|
adf540 |
|
|
|
adf540 |
* Fri May 2 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- install the db utils for the bundled libdb as %%{_sbindir}/slapd_db_*
|
|
|
adf540 |
- install slapcat/slapadd from 2.0.x for migration purposes
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Apr 30 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.1.17
|
|
|
adf540 |
- disable the shell backend, not expected to work well with threads
|
|
|
adf540 |
- drop the kerberosSecurityObject schema, the krbName attribute it
|
|
|
adf540 |
contains is only used if slapd is built with v2 kbind support
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.27-8
|
|
|
adf540 |
- back down to db 4.0.x, which 2.0.x can compile with in ldbm-over-db setups
|
|
|
adf540 |
- tweak SuSE patch to fix a few copy-paste errors and a NULL dereference
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
|
|
adf540 |
- rebuilt
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.27-6
|
|
|
adf540 |
- rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Dec 16 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.27-5
|
|
|
adf540 |
- rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Dec 13 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.27-4
|
|
|
adf540 |
- check for setgid as well
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Dec 12 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.27-3
|
|
|
adf540 |
- rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Dec 12 2002 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- incorporate fixes from SuSE's security audit, except for fixes to ITS 1963,
|
|
|
adf540 |
1936, 2007, 2009, which were included in 2.0.26.
|
|
|
adf540 |
- add two more patches for db 4.1.24 from sleepycat's updates page
|
|
|
adf540 |
- use openssl pkgconfig data, if any is available
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 11 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.27-2
|
|
|
adf540 |
- add patches for db 4.1.24 from sleepycat's updates page
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 4 2002 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- add a sample TLSCACertificateFile directive to the default slapd.conf
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Sep 24 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.27-1
|
|
|
adf540 |
- update to 2.0.27
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Sep 20 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.26-1
|
|
|
adf540 |
- update to 2.0.26, db 4.1.24.NC
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Sep 13 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.25-2
|
|
|
adf540 |
- change LD_FLAGS to refer to /usr/kerberos/_libdir instead of
|
|
|
adf540 |
/usr/kerberos/lib, which might not be right on some arches
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Aug 26 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.25-1
|
|
|
adf540 |
- update to 2.0.25 "stable", ldbm-over-gdbm (putting off migration of LDBM
|
|
|
adf540 |
slapd databases until we move to 2.1.x)
|
|
|
adf540 |
- use %%{_smp_mflags} when running make
|
|
|
adf540 |
- update to MigrationTools 44
|
|
|
adf540 |
- enable dynamic module support in slapd
|
|
|
adf540 |
|
|
|
adf540 |
* Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.23-5
|
|
|
adf540 |
- rebuild in new environment
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.23-3
|
|
|
adf540 |
- use the gdbm backend again
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 18 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.23-2
|
|
|
adf540 |
- make slapd.conf read/write by root, read by ldap
|
|
|
adf540 |
|
|
|
adf540 |
* Sun Feb 17 2002 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- fix corner case in sendbuf fix
|
|
|
adf540 |
- 2.0.23 now marked "stable"
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Feb 12 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.23-1
|
|
|
adf540 |
- update to 2.0.23
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Feb 8 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.22-2
|
|
|
adf540 |
- switch to an internalized Berkeley DB as the ldbm back-end (NOTE: this breaks
|
|
|
adf540 |
access to existing on-disk directory data)
|
|
|
adf540 |
- add slapcat/slapadd with gdbm for migration purposes
|
|
|
adf540 |
- remove Kerberos dependency in client libs (the direct Kerberos dependency
|
|
|
adf540 |
is used by the server for checking {kerberos} passwords)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Feb 1 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.22-1
|
|
|
adf540 |
- update to 2.0.22
|
|
|
adf540 |
|
|
|
adf540 |
* Sat Jan 26 2002 Florian La Roche <Florian.LaRoche@redhat.de> 2.0.21-5
|
|
|
adf540 |
- prereq chkconfig for server subpackage
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jan 25 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.21-4
|
|
|
adf540 |
- update migration tools to version 40
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.21-3
|
|
|
adf540 |
- free ride through the build system
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jan 16 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.21-2
|
|
|
adf540 |
- update to 2.0.21, now earmarked as STABLE
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jan 16 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.20-2
|
|
|
adf540 |
- temporarily disable optimizations for ia64 arches
|
|
|
adf540 |
- specify pthreads at configure-time instead of letting configure guess
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jan 14 2002 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- and one for Raw Hide
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jan 14 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.20-0.7
|
|
|
adf540 |
- build for RHL 7/7.1
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jan 14 2002 Nalin Dahyabhai <nalin@redhat.com> 2.0.20-1
|
|
|
adf540 |
- update to 2.0.20 (security errata)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.0.19-1
|
|
|
adf540 |
- update to 2.0.19
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Nov 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.0.18-2
|
|
|
adf540 |
- fix the commented-out replication example in slapd.conf
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Oct 26 2001 Nalin Dahyabhai <nalin@redhat.com> 2.0.18-1
|
|
|
adf540 |
- update to 2.0.18
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Oct 15 2001 Nalin Dahyabhai <nalin@redhat.com> 2.0.17-1
|
|
|
adf540 |
- update to 2.0.17
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 10 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- disable kbind support (deprecated, and I suspect unused)
|
|
|
adf540 |
- configure with --with-kerberos=k5only instead of --with-kerberos=k5
|
|
|
adf540 |
- build slapd with threads
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.0.15-2
|
|
|
adf540 |
- rebuild, 2.0.15 is now designated stable
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Sep 21 2001 Nalin Dahyabhai <nalin@redhat.com> 2.0.15-1
|
|
|
adf540 |
- update to 2.0.15
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Sep 10 2001 Nalin Dahyabhai <nalin@redhat.com> 2.0.14-1
|
|
|
adf540 |
- update to 2.0.14
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Aug 31 2001 Nalin Dahyabhai <nalin@redhat.com> 2.0.12-1
|
|
|
adf540 |
- update to 2.0.12 to pull in fixes for setting of default TLS options, among
|
|
|
adf540 |
other things
|
|
|
adf540 |
- update to migration tools 39
|
|
|
adf540 |
- drop tls patch, which was fixed better in this release
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Aug 21 2001 Nalin Dahyabhai <nalin@redhat.com> 2.0.11-13
|
|
|
adf540 |
- install saucer correctly
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- try to fix ldap_set_options not being able to set global options related
|
|
|
adf540 |
to TLS correctly
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- don't attempt to create a cert at install-time, it's usually going
|
|
|
adf540 |
to get the wrong CN (#51352)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- add a build-time requirement on pam-devel
|
|
|
adf540 |
- add a build-time requirement on a sufficiently-new libtool to link
|
|
|
adf540 |
shared libraries to other shared libraries (which is needed in order
|
|
|
adf540 |
for prelinking to work)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Aug 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- require cyrus-sasl-md5 (support for DIGEST-MD5 is required for RFC
|
|
|
adf540 |
compliance) by name (follows from #43079, which split cyrus-sasl's
|
|
|
adf540 |
cram-md5 and digest-md5 modules out into cyrus-sasl-md5)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jul 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- enable passwd back-end (noted by Alan Sparks and Sergio Kessler)
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- start to prep for errata release
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jul 6 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- link libldap with liblber
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 4 2001 Than Ngo <than@redhat.com> 2.0.11-6
|
|
|
adf540 |
- add symlink liblber.so libldap.so and libldap_r.so in /usr/lib
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jul 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- move shared libraries to /lib
|
|
|
adf540 |
- redo init script for better internationalization (#26154)
|
|
|
adf540 |
- don't use ldaprc files in the current directory (#38402) (patch from
|
|
|
adf540 |
hps@intermeta.de)
|
|
|
adf540 |
- add BuildPrereq on tcp wrappers since we configure with
|
|
|
adf540 |
--enable-wrappers (#43707)
|
|
|
adf540 |
- don't overflow debug buffer in mail500 (#41751)
|
|
|
adf540 |
- don't call krb5_free_creds instead of krb5_free_cred_contents any
|
|
|
adf540 |
more (#43159)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jul 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- make config files noreplace (#42831)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jun 26 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- actually change the default config to use the dummy cert
|
|
|
adf540 |
- update to MigrationTools 38
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- build dummy certificate in %%post, use it in default config
|
|
|
adf540 |
- configure-time shenanigans to help a confused configure script
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jun 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- tweak migrate_automount and friends so that they can be run from anywhere
|
|
|
adf540 |
|
|
|
adf540 |
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.0.11
|
|
|
adf540 |
|
|
|
adf540 |
* Wed May 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.0.10
|
|
|
adf540 |
|
|
|
adf540 |
* Mon May 21 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.0.9
|
|
|
adf540 |
|
|
|
adf540 |
* Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.0.8
|
|
|
adf540 |
- drop patch which came from upstream
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- rebuild in new environment
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Feb 8 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- back out pidfile patches, which interact weirdly with Linux threads
|
|
|
adf540 |
- mark non-standard schema as such by moving them to a different directory
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 5 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to MigrationTools 36, adds netgroup support
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jan 29 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- fix thinko in that last patch
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jan 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- try to work around some buffering problems
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- gettextize the init script
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- gettextize the init script
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jan 12 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- move the RFCs to the base package (#21701)
|
|
|
adf540 |
- update to MigrationTools 34
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jan 10 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- add support for additional OPTIONS, SLAPD_OPTIONS, and SLURPD_OPTIONS in
|
|
|
adf540 |
a /etc/sysconfig/ldap file (#23549)
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Dec 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- change automount object OID from 1.3.6.1.1.1.2.9 to 1.3.6.1.1.1.2.13,
|
|
|
adf540 |
per mail from the ldap-nis mailing list
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- force -fPIC so that shared libraries don't fall over
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Dec 4 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- add Norbert Klasen's patch (via Del) to fix searches using ldaps URLs
|
|
|
adf540 |
(OpenLDAP ITS #889)
|
|
|
adf540 |
- add "-h ldaps:///" to server init when TLS is enabled, in order to support
|
|
|
adf540 |
ldaps in addition to the regular STARTTLS (suggested by Del)
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- correct mismatched-dn-cn bug in migrate_automount.pl
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to the correct OIDs for automount and automountInformation
|
|
|
adf540 |
- add notes on upgrading
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.0.7
|
|
|
adf540 |
- drop chdir patch (went mainstream)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Nov 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- change automount object classes from auxiliary to structural
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to Migration Tools 27
|
|
|
adf540 |
- change the sense of the last simple patch
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- reorganize the patch list to separate MigrationTools and OpenLDAP patches
|
|
|
adf540 |
- switch to Luke Howard's rfc822MailMember schema instead of the aliases.schema
|
|
|
adf540 |
- configure slapd to run as the non-root user "ldap" (#19370)
|
|
|
adf540 |
- chdir() before chroot() (we don't use chroot, though) (#19369)
|
|
|
adf540 |
- disable saving of the pid file because the parent thread which saves it and
|
|
|
adf540 |
the child thread which listens have different pids
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 11 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- add missing required attributes to conversion scripts to comply with schema
|
|
|
adf540 |
- add schema for mail aliases, autofs, and kerberosSecurityObject rooted in
|
|
|
adf540 |
our own OID tree to define attributes and classes migration scripts expect
|
|
|
adf540 |
- tweak automounter migration script
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Oct 9 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- try adding the suffix first when doing online migrations
|
|
|
adf540 |
- force ldapadd to use simple authentication in migration scripts
|
|
|
adf540 |
- add indexing of a few attributes to the default configuration
|
|
|
adf540 |
- add commented-out section on using TLS to default configuration
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.0.6
|
|
|
adf540 |
- add buildprereq on cyrus-sasl-devel, krb5-devel, openssl-devel
|
|
|
adf540 |
- take the -s flag off of slapadd invocations in migration tools
|
|
|
adf540 |
- add the cosine.schema to the default server config, needed by inetorgperson
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 4 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- add the nis.schema and inetorgperson.schema to the default server config
|
|
|
adf540 |
- make ldapadd a hard link to ldapmodify because they're identical binaries
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Sep 22 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.0.4
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Sep 15 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- remove prereq on /etc/init.d (#17531)
|
|
|
adf540 |
- update to 2.0.3
|
|
|
adf540 |
- add saucer to the included clients
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.0.1
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Sep 1 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 2.0.0
|
|
|
adf540 |
- patch to build against MIT Kerberos 1.1 and later instead of 1.0.x
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Aug 22 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- remove that pesky default password
|
|
|
adf540 |
- change "Copyright:" to "License:"
|
|
|
adf540 |
|
|
|
adf540 |
* Sun Aug 13 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- adjust permissions in files lists
|
|
|
adf540 |
- move libexecdir from %%{_prefix}/sbin to %%{_sbindir}
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Aug 11 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- add migrate_automount.pl to the migration scripts set
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Aug 8 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- build a semistatic slurpd with threads, everything else without
|
|
|
adf540 |
- disable reverse lookups, per email on OpenLDAP mailing lists
|
|
|
adf540 |
- make sure the execute bits are set on the shared libraries
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jul 31 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- change logging facility used from local4 to daemon (#11047)
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jul 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- split off clients and servers to shrink down the package and remove the
|
|
|
adf540 |
base package's dependency on Perl
|
|
|
adf540 |
- make certain that the binaries have sane permissions
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- move the init script back
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jul 13 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- tweak the init script to only source /etc/sysconfig/network if it's found
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
|
|
|
adf540 |
- automatic rebuild
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jul 10 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- switch to gdbm; I'm getting off the db merry-go-round
|
|
|
adf540 |
- tweak the init script some more
|
|
|
adf540 |
- add instdir to @INC in migration scripts
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- tweak init script to return error codes properly
|
|
|
adf540 |
- change initscripts dependency to one on /etc/init.d
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jul 4 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- prereq initscripts
|
|
|
adf540 |
- make migration scripts use mktemp
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- do condrestart in post and stop in preun
|
|
|
adf540 |
- move init script to /etc/init.d
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jun 16 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 1.2.11
|
|
|
adf540 |
- add condrestart logic to init script
|
|
|
adf540 |
- munge migration scripts so that you don't have to be
|
|
|
adf540 |
/usr/share/openldap/migration to run them
|
|
|
adf540 |
- add code to create pid files in /var/run
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Jun 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- FHS tweaks
|
|
|
adf540 |
- fix for compiling with libdb2
|
|
|
adf540 |
|
|
|
adf540 |
* Thu May 4 2000 Bill Nottingham <notting@redhat.com>
|
|
|
adf540 |
- minor tweak so it builds on ia64
|
|
|
adf540 |
|
|
|
adf540 |
* Wed May 3 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- more minimalistic fix for bug #11111 after consultation with OpenLDAP team
|
|
|
adf540 |
- backport replacement for the ldapuser patch
|
|
|
adf540 |
|
|
|
adf540 |
* Tue May 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- fix segfaults from queries with commas in them in in.xfingerd (bug #11111)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Apr 25 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 1.2.10
|
|
|
adf540 |
- add revamped version of patch from kos@bastard.net to allow execution as
|
|
|
adf540 |
any non-root user
|
|
|
adf540 |
- remove test suite from %%build because of weirdness in the build system
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Apr 12 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- move the defaults for databases and whatnot to /var/lib/ldap (bug #10714)
|
|
|
adf540 |
- fix some possible string-handling problems
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Feb 14 2000 Bill Nottingham <notting@redhat.com>
|
|
|
adf540 |
- start earlier, stop later.
|
|
|
adf540 |
|
|
|
adf540 |
* Thu Feb 3 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- auto rebuild in new environment (release 4)
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Feb 1 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- add -D_REENTRANT to make threaded stuff more stable, even though it looks
|
|
|
adf540 |
like the sources define it, too
|
|
|
adf540 |
- mark *.ph files in migration tools as config files
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jan 21 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
adf540 |
- update to 1.2.9
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Sep 13 1999 Bill Nottingham <notting@redhat.com>
|
|
|
adf540 |
- strip files
|
|
|
adf540 |
|
|
|
adf540 |
* Sat Sep 11 1999 Bill Nottingham <notting@redhat.com>
|
|
|
adf540 |
- update to 1.2.7
|
|
|
adf540 |
- fix some bugs from bugzilla (#4885, #4887, #4888, #4967)
|
|
|
adf540 |
- take include files out of base package
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Aug 27 1999 Jeff Johnson <jbj@redhat.com>
|
|
|
adf540 |
- missing ;; in init script reload) (#4734).
|
|
|
adf540 |
|
|
|
adf540 |
* Tue Aug 24 1999 Cristian Gafton <gafton@redhat.com>
|
|
|
adf540 |
- move stuff from /usr/libexec to /usr/sbin
|
|
|
adf540 |
- relocate config dirs to /etc/openldap
|
|
|
adf540 |
|
|
|
adf540 |
* Mon Aug 16 1999 Bill Nottingham <notting@redhat.com>
|
|
|
adf540 |
- initscript munging
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Aug 11 1999 Cristian Gafton <gafton@redhat.com>
|
|
|
adf540 |
- add the migration tools to the package
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Aug 06 1999 Cristian Gafton <gafton@redhat.com>
|
|
|
adf540 |
- upgrade to 1.2.6
|
|
|
adf540 |
- add rc.d script
|
|
|
adf540 |
- split -devel package
|
|
|
adf540 |
|
|
|
adf540 |
* Sun Feb 07 1999 Preston Brown <pbrown@redhat.com>
|
|
|
adf540 |
- upgrade to latest stable (1.1.4), it now uses configure macro.
|
|
|
adf540 |
|
|
|
adf540 |
* Fri Jan 15 1999 Bill Nottingham <notting@redhat.com>
|
|
|
adf540 |
- build on arm, glibc2.1
|
|
|
adf540 |
|
|
|
adf540 |
* Wed Oct 28 1998 Preston Brown <pbrown@redhat.com>
|
|
|
adf540 |
- initial cut.
|
|
|
adf540 |
- patches for signal handling on the alpha
|